How do I set global content security policy headers?

[tcobbfis]

I need to set global csp headers for all tenants. It would be nice if they could be overwritten as needed by using the admin for an individual tenant. I don't want to have to set them all individually on every site through the admin.

[Piedone]

We've created ConfigureSecurityDefaultsWithStaticFiles() for that in https://github.com/Lombiq/Helpful-Libraries/blob/dev/Lombiq.HelpfulLibraries.OrchardCore/Docs/Security.md. You can call it from your root Program and it sets the headers in a configuration-aware way (like sets headers for GitHub when GitHub login is enabled). And you can configure your own headers.

[hishamco]

It would be nice to bring this in OC if you don't mind

[Piedone]

That would be a competing feature with the module.

[tcobbfis]

following advice from Mark Bartha with Lombiq, I basically made a copy of this file: Lombiq.HelpfulLibraries.AspNetCore/Security/CdnContentSecurityPolicyProvider.cs
and modified it. (Since I'm using the lombiq libraries)

then added it in program.cs