Security (`OrchardCore.Security`)¶

This module adds HTTP headers to follow security best practices.

Security Settings¶

Enabling the OrchardCore.Security module will allow the user to set the following settings:

Setting	Description
`ContentSecurityPolicy`	Gets or sets the `Content-Security-Policy` HTTP header.
`ContentTypeOptions`	Gets or sets the `X-Content-Type-Options` HTTP header.
`PermissionsPolicy`	Gets or sets the `Permissions-Policy` HTTP header.
`ReferrerPolicy`	Gets or sets the `Referrer-Policy` HTTP header.

Note

The Content-Security-Policy HTTP header contains the frame-ancestors directive which obsoleted the X-Frame-Options HTTP header.

Security Settings Configuration¶

The OrchardCore.Security module allows the user to use configuration values to override the AdminSettings by calling ConfigureSecuritySettings() extension method.

The following configuration values can be customized:

{
  "OrchardCore_Security": {
    "ContentSecurityPolicy": {},
    "PermissionsPolicy": {
      "fullscreen": "self"
    },
    "ReferrerPolicy": "no-referrer"
  }
}

For more information please refer to Configuration.

Security (OrchardCore.Security)¶

Security Settings¶

Security Settings Configuration¶

Video¶

Security (`OrchardCore.Security`)¶