I Have 2 web applications: MVC & Blazor webassembly.
In MVC project I was able to set up the application to enforce the strict-transport-security
by adding HSTS Middleware in startup class by following the instructions in Microsoft documentation.
The question is: how can I configure a Blazor webassembly to enforce strict-transport-security in its response headers?
I tried that by adding the following web.config
file to the project:
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<location>
<system.webServer>
<security xdt:Transform="Insert">
<requestFiltering removeServerHeader="true" />
</security>
<httpProtocol xdt:Transform="Insert">
<customHeaders>
<remove name="X-Powered-By" />
<add name="Strict-Transport-Security" value="max-age=31536000" />
</customHeaders>
</httpProtocol>
</system.webServer>
</location>
</configuration>
But I could not deploy the application after adding this config file.