Skip to content

Add hardening for AzureFunction template #197

Description

@jklotzsche-msft

Just a suggestion: You could add some hardening to your Azure Function App template. e.g.:

host.json
{
"version": "2.0",
"extensions": {
"http": {
"routePrefix": "",
"customHeaders": {
"Permissions-Policy": "geolocation=()",
"X-Frame-Options": "SAMEORIGIN",
"Content-Security-Policy": "default-src 'self'",
"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
"X-Content-Type-Options": "nosniff",
"Referrer-Policy": "no-referrer"
}
}
},
"managedDependency": {
"Enabled": false
},
"extensionBundle": {
"id": "Microsoft.Azure.Functions.ExtensionBundle",
"version": "[3.*, 4.0.0)"
}
}

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions