AspNetCore.Docs icon indicating copy to clipboard operation
AspNetCore.Docs copied to clipboard
verified publisher icon dotnet

HSTS Configuration for docker container on App Service

Open phatcher opened this issue 1 year ago • 0 comments

Description

Not sure this is the correct page on comment on but seems to be the closest

I'm trying to get the Strict-Transport-Security header emitted whilst running as a docker container in Azure App Service and the advice given doesn't work i.e. I have the ForwardedHeadersOptions and the UseHsts set but no headers configured.

I did find a blog article which gives a solution that works...

  services.Configure<ForwardedHeadersOptions>(options =>
  {
      options.ForwardedHeaders = ForwardedHeaders.All;
      options.KnownNetworks.Clear();
      options.KnownProxies.Clear();
  });

Clearing the values then turns on the header, which implies the defaults don't work for my scenario, so...

  1. What should the KnownNetworks be set to
  2. What should the KnownProxies be set to

Page URL

https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-8.0#when-it-isnt-possible-to-add-forwarded-headers-and-all-requests-are-secure

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/host-and-deploy/proxy-load-balancer.md

Document ID

c48abb08-bea3-dcff-c067-2edf5dc9b3a6

Article author

@Rick-Anderson

phatcher avatar Aug 06 '24 10:08 phatcher