Napisałem pierwszego web.configa i mam problem. Jak odpalam backend na postmanie, to nie widzę kompletnie zmian w ustawieniach custom headers. (Na Azure wgrałem ten sam plik web.config - do /wwwroot). X-Frame-Options jak było DENY, tak nadal jest DENY... Inne też bez zmian. Czy ktoś może zasugerować przyczynę? Dzięki! Już trochę nad tym siedzę i bez efektu..
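<?xml version="1.0" encoding="UTF-8"?>
<!--
  IIS / Azure App Service web.config that fronts a Java backend through
  httpPlatformHandler and adds security response headers at the IIS layer.

  NOTE(review): these settings only affect responses that pass through IIS.
  A request sent straight to the Java process (for example a locally started
  backend) never sees this file. Headers written by the Java application
  itself (the X-Frame-Options: DENY reported with this config is presumably
  one of them; confirm) may not be replaced by customHeaders and are best
  changed in the application's own security configuration.
-->
<configuration>
  <system.webServer>
    <!-- START security response headers (CSP, nosniff, framing policy) -->
    <httpProtocol>
      <customHeaders>
        <!--
          The policy is kept on a single line so that no line break can end up
          inside the header value.
          NOTE(review): 'unsafe-inline' in style-src and the wildcard hosts in
          script-src / img-src widen the policy considerably; narrow them to
          the exact hosts in use where possible. The policy has no
          frame-ancestors directive; framing is governed only by
          X-Frame-Options below.
        -->
        <add name="Content-Security-Policy"
             value="default-src 'self'; font-src 'self' https://fonts.gstatic.com/s/materialicons/ https://fonts.gstatic.com/ https://fonts.googleapis.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; connect-src 'self' https://maps.googleapis.com/ https://fonts.gstatic.com/s/materialicons/; script-src 'self' https://maps.googleapis.com/maps/api/ https://maps.google.com/ *.googleapis.com *.ggpht.com https://cdnjs.cloudflare.com/ajax/libs/html2canvas/0.4.1/html2canvas.js; img-src 'self' https://maps.gstatic.com/ https://maps.google.com/ *.googleapis.com *.ggpht.com data:;" />
        <!-- Drop the header that advertises the server technology. -->
        <remove name="X-Powered-By" />
        <!-- Tell browsers not to guess a different content type than declared. -->
        <add name="X-Content-Type-Options" value="nosniff" />
        <!-- Allow framing by pages of the same origin only. -->
        <add name="X-Frame-Options" value="SAMEORIGIN" />
      </customHeaders>
    </httpProtocol>
    <!-- END security response headers -->

    <!-- Hand every path and verb to the Java process started below. -->
    <handlers>
      <add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified" />
    </handlers>
    <!--
      Quotes inside an attribute value must be written as &quot;; a literal
      double quote ends the attribute and makes the file ill-formed.
      NOTE(review): the jar file name below appears mangled by the hosting
      page's e-mail obfuscation ("[email protected]"); replace it with the real
      artifact file name before deploying.
    -->
    <httpPlatform processPath="%JAVA_HOME%\bin\java.exe"
                  arguments="-Djava.net.preferIPv4Stack=true -Dserver.port=%HTTP_PLATFORM_PORT% -jar &quot;%HOME%\site\wwwroot\AFSIBackend-@[email protected]&quot;">
    </httpPlatform>

    <rewrite>
      <rules>
        <!--
          Permanently redirect any plain-HTTP request to the same path on HTTPS.
          NOTE(review): the target host is taken from the request's Host header
          ({HTTP_HOST}); restrict the accepted host names at the site binding
          if that is a concern.
        -->
        <rule name="Force HTTPS" enabled="true">
          <match url="(.*)" ignoreCase="false" />
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
        </rule>
      </rules>
      <outboundRules>
        <clear />
        <!-- Append SameSite=lax to Set-Cookie headers that carry no SameSite attribute. -->
        <rule name="Add SameSite" preCondition="No SameSite">
          <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
          <action type="Rewrite" value="{R:0}; SameSite=lax" />
        </rule>
        <preConditions>
          <preCondition name="No SameSite">
            <!-- A Set-Cookie header is present ... -->
            <add input="{RESPONSE_Set_Cookie}" pattern="." />
            <!--
              ... and it has no SameSite attribute at all. Testing only for
              "SameSite=lax" would append a second, conflicting attribute to
              cookies the application already marked Strict or None.
            -->
            <add input="{RESPONSE_Set_Cookie}" pattern=";\s*SameSite=" negate="true" />
          </preCondition>
        </preConditions>
        <!--
          Set Strict-Transport-Security (one year) on responses served over
          HTTPS only. NOTE(review): includeSubDomains is not set; add it only
          if every subdomain is served over HTTPS.
        -->
        <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
          <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="on" ignoreCase="true" />
          </conditions>
          <action type="Rewrite" value="max-age=31536000" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>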