From 4af60603614ebe830fceca3a65f05da4d5684262 Mon Sep 17 00:00:00 2001
From: Stanley Goldman
Date: Fri, 14 Dec 2018 13:10:21 -0500
Subject: [PATCH 1/4] Forcing https
---
 src/BCC.Web/Startup.cs | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/BCC.Web/Startup.cs b/src/BCC.Web/Startup.cs
index c402fcf..5198965 100644
--- a/src/BCC.Web/Startup.cs
+++ b/src/BCC.Web/Startup.cs
@@ -184,6 +184,8 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerF
 app.UseExceptionHandler("/Home/Error");
 }
 
+ app.UseHttpsRedirection();
+
 app.UseSwagger(c =>
 {
 c.RouteTemplate = "docs/{documentName}/swagger.json";
From 63d7561e6e42e8573e03cc80d0bb8a81f224091f Mon Sep 17 00:00:00 2001
From: Stanley Goldman
Date: Fri, 14 Dec 2018 13:48:33 -0500
Subject: [PATCH 2/4] Use Hsts
---
 src/BCC.Web/Startup.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/BCC.Web/Startup.cs b/src/BCC.Web/Startup.cs
index 5198965..7c64ed7 100644
--- a/src/BCC.Web/Startup.cs
+++ b/src/BCC.Web/Startup.cs
@@ -184,7 +184,7 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerF
 app.UseExceptionHandler("/Home/Error");
 }
 
- app.UseHttpsRedirection();
+ app.UseHsts();
 
 app.UseSwagger(c =>
 {
From c3c81bae2147b314d6ff8a53d223e68240ee2a4d Mon Sep 17 00:00:00 2001
From: Stanley Goldman
Date: Fri, 14 Dec 2018 13:49:38 -0500
Subject: [PATCH 3/4] Use Hsts only in production
---
 src/BCC.Web/Startup.cs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/BCC.Web/Startup.cs b/src/BCC.Web/Startup.cs
index 7c64ed7..e8bdbd9 100644
--- a/src/BCC.Web/Startup.cs
+++ b/src/BCC.Web/Startup.cs
@@ -182,10 +182,9 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerF
 else
 {
 app.UseExceptionHandler("/Home/Error");
+ app.UseHsts();
 }
 
- app.UseHsts();
-
 app.UseSwagger(c =>
 {
 c.RouteTemplate = "docs/{documentName}/swagger.json";
From 2e864a0312a82be4cd365a5fda26ce204ac13a54 Mon Sep 17 00:00:00 2001
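Review bot: `app.UseHttpsRedirection()` in [PATCH 1/4] decides from the scheme the application itself sees, so if this site is deployed behind a proxy or load balancer that terminates TLS, every request looks like plain HTTP and the redirect can loop. Whether forwarded headers are processed earlier in `Configure` is not visible in this hunk; if such a proxy exists, `app.UseForwardedHeaders();` has to run before this call, with the proxy's addresses configured as trusted. The same condition applies to `app.UseHsts()` in 2/4 to 4/4, which only emits its header on requests it considers HTTPS. Configure's body starts and ends outside the hunk.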
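Review bot: Swapping `app.UseHttpsRedirection()` for `app.UseHsts()` in [PATCH 2/4] leaves plain-HTTP requests served as before, because browsers honour the Strict-Transport-Security header only when it arrives over HTTPS, and non-browser clients ignore it entirely. The two calls are complementary rather than alternatives: `app.UseHsts();` followed by `app.UseHttpsRedirection();`. 4/4 restores the redirect, but 2/4 and 3/4 taken on their own do not force HTTPS, which matters if an intermediate commit is ever deployed or bisected to.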
From: Stanley Goldman
Date: Fri, 14 Dec 2018 14:03:22 -0500
Subject: [PATCH 4/4] Configuration this time
---
 src/BCC.Web/Startup.cs | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/BCC.Web/Startup.cs b/src/BCC.Web/Startup.cs
index e8bdbd9..2a32fab 100644
--- a/src/BCC.Web/Startup.cs
+++ b/src/BCC.Web/Startup.cs
@@ -18,6 +18,7 @@
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -52,6 +53,15 @@ public Startup(IConfiguration configuration)
 // This method gets called by the runtime. Use this method to add services to the container.
 public void ConfigureServices(IServiceCollection services)
 {
+ services.AddHttpsRedirection(options => options.RedirectStatusCode = StatusCodes.Status301MovedPermanently);
+
+ services.AddHsts(options =>
+ {
+ options.MaxAge = TimeSpan.FromDays(30);
+ options.Preload = true;
+ options.IncludeSubDomains = true;
+ });
+
 services.Configure(Configuration.GetSection("ApplicationInsightsLogger"));
 services.Configure(Configuration.GetSection("GitHub:App"));
 services.Configure(Configuration.GetSection("Auth"));
@@ -185,6 +195,8 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerF
 app.UseHsts();
 }
 
+ app.UseHttpsRedirection();
+
 app.UseSwagger(c =>
 {
 c.RouteTemplate = "docs/{documentName}/swagger.json";
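Review bot: `options.Preload = true` next to `options.MaxAge = TimeSpan.FromDays(30)` in the `AddHsts` block sends a preload directive that the browser preload list will not accept, since submission requires a max-age of at least one year. With `options.IncludeSubDomains = true` the policy also asserts that every subdomain of the host is HTTPS-only, which is slow to undo once browsers have cached it. If preloading is not intended yet, `options.Preload = false;` is the safer start; if it is, use `options.MaxAge = TimeSpan.FromDays(365);` once all subdomains are confirmed to serve HTTPS. On the redirect line, a 301 lets clients replay a POST as a GET, whereas `StatusCodes.Status308PermanentRedirect` keeps the method and body. ConfigureServices continues past the end of the hunk.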
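Review bot: `app.UseHttpsRedirection()` sits after the environment `if`/`else`, so the permanent 301 set in `ConfigureServices` is also issued in Development, where browsers cache it for the local host and keep redirecting after the setting changes. A temporary status in Development (the middleware default is 307) avoids that. For the API routes that the Swagger setup below presumably documents, the redirect arrives only after a client has already sent its request, including any credentials, over plain HTTP; rejecting non-HTTPS requests on those routes is the stricter option and worth a comment here such as `// Redirect covers browsers only; API clients must call https directly`. Configure's body starts and ends outside the hunk.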