From d7c7208e3720d72dadec01ee997c350096ab6b15 Mon Sep 17 00:00:00 2001
From: yanjinhui <3306209981@qq.com>
Date: 星期五, 14 十一月 2025 14:33:59 +0800
Subject: [PATCH] 11

---
 项目代码/后端/后台管理/WIDESEAWCS_Server/WIDESEAWCS_Server/Program.cs |  126 +++++++++++++++++++++---------------------
 1 files changed, 63 insertions(+), 63 deletions(-)

diff --git "a/\351\241\271\347\233\256\344\273\243\347\240\201/\345\220\216\347\253\257/\345\220\216\345\217\260\347\256\241\347\220\206/WIDESEAWCS_Server/WIDESEAWCS_Server/Program.cs" "b/\351\241\271\347\233\256\344\273\243\347\240\201/\345\220\216\347\253\257/\345\220\216\345\217\260\347\256\241\347\220\206/WIDESEAWCS_Server/WIDESEAWCS_Server/Program.cs"
index 5900489..722d71d 100644
--- "a/\351\241\271\347\233\256\344\273\243\347\240\201/\345\220\216\347\253\257/\345\220\216\345\217\260\347\256\241\347\220\206/WIDESEAWCS_Server/WIDESEAWCS_Server/Program.cs"
+++ "b/\351\241\271\347\233\256\344\273\243\347\240\201/\345\220\216\347\253\257/\345\220\216\345\217\260\347\256\241\347\220\206/WIDESEAWCS_Server/WIDESEAWCS_Server/Program.cs"
@@ -108,10 +108,10 @@
 Encoding.RegisterProvider(CodePagesEncodingProvider.Instance);
 
 //瑙e喅鏈嶅姟鍣ㄥ湪HTTP鍝嶅簲涓嚜鍔ㄦ坊鍔犱簡涓�浜涗笉蹇呰鐨勬爣澶�
-builder.WebHost.ConfigureKestrel(serverOptions =>
-{
-    serverOptions.AddServerHeader = false;
-});
+//builder.WebHost.ConfigureKestrel(serverOptions =>
+//{
+//    serverOptions.AddServerHeader = false;
+//});
 
 var app = builder.Build();
 
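Review bot: Commenting out the `ConfigureKestrel` call at the top of this hunk puts Kestrel back on its default of `AddServerHeader = true`, so responses will again carry a `Server` header naming the web server. The commit message ("11") gives no reason for this. If the call was disabled to work around a build or hosting problem, keep `serverOptions.AddServerHeader = false;` active and fix that problem, or replace the dead lines with a single comment such as `// Server header suppression disabled temporarily: <reason, ticket>`. The same pattern, hardening switched off by commenting it out with no explanation, recurs in the two hunks that follow.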
@@ -133,24 +133,24 @@
 
 //X-Content-Type-Options鈥濆ご缂哄け鎴栦笉瀹夊叏
 // 浣跨敤 AddDefaultSecurityHeaders 鏂规硶娣诲姞涓�缁勬帹鑽愮殑瀹夊叏鏍囧ご
-app.UseSecurityHeaders(policies => policies
-    .AddFrameOptionsDeny() // 娣诲姞 X-Frame-Options: DENY
-    .AddContentTypeOptionsNoSniff() // 杩欏氨鏄綘闇�瑕佺殑 X-Content-Type-Options: nosniff
-    .AddXssProtectionBlock() // 娣诲姞 X-XSS-Protection: 1; mode=block
-    .AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 60 * 60 * 24 * 365) // 娣诲姞 HSTS 澶�
-    // 绉婚櫎鏈嶅姟鍣ㄤ俊鎭ご
-    //.AddCustomHeader("X-Powered-By", string.Empty) // 娉ㄦ剰鏄� AddCustomHeader
-    //瑙e喅Content-Security-Policy缂哄け
-        .AddContentSecurityPolicy(builder =>
-        {
-            builder.AddDefaultSrc().Self();
-            builder.AddScriptSrc().Self();
-            builder.AddStyleSrc().Self();
-            builder.AddImgSrc().Self().Data();
-            builder.AddFontSrc().Self();
-        })
+//app.UseSecurityHeaders(policies => policies
+//    .AddFrameOptionsDeny() // 娣诲姞 X-Frame-Options: DENY
+//    .AddContentTypeOptionsNoSniff() // 杩欏氨鏄綘闇�瑕佺殑 X-Content-Type-Options: nosniff
+//    .AddXssProtectionBlock() // 娣诲姞 X-XSS-Protection: 1; mode=block
+//    .AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 60 * 60 * 24 * 365) // 娣诲姞 HSTS 澶�
+//    // 绉婚櫎鏈嶅姟鍣ㄤ俊鎭ご
+//    //.AddCustomHeader("X-Powered-By", string.Empty) // 娉ㄦ剰鏄� AddCustomHeader
+//    //瑙e喅Content-Security-Policy缂哄け
+//        .AddContentSecurityPolicy(builder =>
+//        {
+//            builder.AddDefaultSrc().Self();
+//            builder.AddScriptSrc().Self();
+//            builder.AddStyleSrc().Self();
+//            builder.AddImgSrc().Self().Data();
+//            builder.AddFontSrc().Self();
+//        })
 
-);
+//);
 // 鎵嬪姩绉婚櫎澶氫綑鍝嶅簲澶达紙鏃х増鍖呭繀椤伙級
 app.Use(async (context, next) =>
 {
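Review bot: With the whole `app.UseSecurityHeaders(...)` call commented out, responses lose X-Frame-Options, X-Content-Type-Options: nosniff, HSTS and the Content-Security-Policy in one step, and nothing visible in this hunk replaces them. If the motive was that the strict CSP broke the front end (an assumption, the commit does not say), relax only the directive that fails, for example by extending `AddStyleSrc()`, and keep `.AddFrameOptionsDeny()`, `.AddContentTypeOptionsNoSniff()` and the HSTS line active. If the headers must be off in one environment only, gate the call with `if (!app.Environment.IsDevelopment())` rather than leaving sixteen lines of dead code. The `app.Use` lambda that starts on the last two lines continues outside the hunk, so it is unclear whether that manual middleware still sets any of these headers.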
@@ -160,54 +160,54 @@
     await next();
 });
 // 鎷︽埅鏁忔劅璺緞锛岃繑鍥� 404
-app.Use(async (context, next) =>
-{
-    var path = context.Request.Path.Value ?? string.Empty;
+//app.Use(async (context, next) =>
+//{
+//    var path = context.Request.Path.Value ?? string.Empty;
 
-    var blacklist = new[]
-    {
-        "/.git", "/.svn", "/.env", "/backup", "/backups", "/config", "/database", "/.idea", "/.vscode", "/node_modules"
-    };
+//    var blacklist = new[]
+//    {
+//        "/.git", "/.svn", "/.env", "/backup", "/backups", "/config", "/database", "/.idea", "/.vscode", "/node_modules"
+//    };
 
-    if (path.Contains("..") || blacklist.Any(b => path.StartsWith(b, StringComparison.OrdinalIgnoreCase)))
-    {
-        context.Response.StatusCode = StatusCodes.Status404NotFound;
-        await context.Response.WriteAsync("Not Found");
-        return;
-    }
-    await next();
-});
+//    if (path.Contains("..") || blacklist.Any(b => path.StartsWith(b, StringComparison.OrdinalIgnoreCase)))
+//    {
+//        context.Response.StatusCode = StatusCodes.Status404NotFound;
+//        await context.Response.WriteAsync("Not Found");
+//        return;
+//    }
+//    await next();
+//});
 //搴旂敤绋嬪簭鎸囨爣鏁版嵁鏆撮湶
-app.Use(async (context, next) =>
-{
-    var path = context.Request.Path.Value ?? string.Empty;
-    // 闇�瑕佷繚鎶ょ殑绔偣鍓嶇紑
-    var sensitivePrefixes = new[]
-    {
-        "/metrics", "/health", "/actuator", "/diagnostics", "/debug", "/metrics/prometheus"
-    };
+//app.Use(async (context, next) =>
+//{
+//    var path = context.Request.Path.Value ?? string.Empty;
+//    // 闇�瑕佷繚鎶ょ殑绔偣鍓嶇紑
+//    var sensitivePrefixes = new[]
+//    {
+//        "/metrics", "/health", "/actuator", "/diagnostics", "/debug", "/metrics/prometheus"
+//    };
 
-    if (sensitivePrefixes.Any(p => path.StartsWith(p, StringComparison.OrdinalIgnoreCase)))
-    {
-        var secret = app.Configuration["Internal:MetricsKey"]; // 鍦� appsettings.json 鎴� 鐜鍙橀噺閲岄厤缃�
-        if (string.IsNullOrWhiteSpace(secret))
-        {
-            // 鏈厤缃瘑閽ワ細涓轰簡瀹夊叏鎷掔粷璁块棶
-            context.Response.StatusCode = StatusCodes.Status403Forbidden;
-            await context.Response.WriteAsync("Forbidden");
-            return;
-        }
+//    if (sensitivePrefixes.Any(p => path.StartsWith(p, StringComparison.OrdinalIgnoreCase)))
+//    {
+//        var secret = app.Configuration["Internal:MetricsKey"]; // 鍦� appsettings.json 鎴� 鐜鍙橀噺閲岄厤缃�
+//        if (string.IsNullOrWhiteSpace(secret))
+//        {
+//            // 鏈厤缃瘑閽ワ細涓轰簡瀹夊叏鎷掔粷璁块棶
+//            context.Response.StatusCode = StatusCodes.Status403Forbidden;
+//            await context.Response.WriteAsync("Forbidden");
+//            return;
+//        }
 
-        if (!context.Request.Headers.TryGetValue("X-Internal-Secret", out var provided) || provided != secret)
-        {
-            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
-            await context.Response.WriteAsync("Unauthorized");
-            return;
-        }
-    }
+//        if (!context.Request.Headers.TryGetValue("X-Internal-Secret", out var provided) || provided != secret)
+//        {
+//            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+//            await context.Response.WriteAsync("Unauthorized");
+//            return;
+//        }
+//    }
 
-    await next();
-});
+//    await next();
+//});
 app.UseHttpsRedirection();
 
 app.UseIpLimitMiddle();
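Review bot: Both request filters are disabled here: the blocklist that returned 404 for `..` and paths such as `/.git`, `/.env` and `/backup`, and the `X-Internal-Secret` check in front of `/metrics`, `/health`, `/actuator`, `/diagnostics` and `/debug`. If any of those endpoints are mapped elsewhere in Program.cs (not visible in this hunk), they become reachable without the key, and any static-file or fallback handler is left as the only barrier for the blocklisted paths. If the goal was to let an unauthenticated health probe through, remove only `"/health"` from `sensitivePrefixes` and keep the rest of the middleware. When the check is restored, replace `provided != secret` with a constant-time comparison, e.g. `CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(provided.ToString()), Encoding.UTF8.GetBytes(secret))`. Code that is really meant to go should be deleted rather than commented out, since version control already keeps the history.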

--
Gitblit v1.9.3