ServerComponentsEndpointOptions.ContentSecurityFrameAncestorsPolicy Property

Reference

Definition

Namespace:: Microsoft.AspNetCore.Components.Server

Assembly:: Microsoft.AspNetCore.Components.Server.dll

Package:: Microsoft.AspNetCore.App.Ref v9.0.0

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Gets or sets the frame-ancestorsContent-Security-Policy to set in the HttpResponse when ConfigureWebSocketAcceptContext is set.

public string? ContentSecurityFrameAncestorsPolicy { get; set; }

member this.ContentSecurityFrameAncestorsPolicy : string with get, set

Public Property ContentSecurityFrameAncestorsPolicy As String

Property Value

String

Remarks

Setting this value to null will prevent the policy from being automatically applied, which might make the app vulnerable. Care must be taken to apply a policy in this case whenever the first document is rendered.

A content security policy provides defense against security threats that can occur if the app uses compression and can be embedded in other origins. When compression is enabled, embedding the app inside an iframe from other origins is forbidden.

For more details see the security recommendations for Interactive Server Components in the official documentation.

Applies to

Share via

ServerComponentsEndpointOptions.ContentSecurityFrameAncestorsPolicy Property

Definition

Property Value

Remarks

Applies to

Feedback

Additional resources