Web API: How do I clean up the data in my HttpResponse?

There are some very simple web.config settings that can be applied to reduce the amount on unnecessary data returned in an HttpReponse and to minimise ways that hackers can hijack system information.

Here is a quick snippet of web.config settings that may be useful.

<Config>
<system.web>
 <httpRuntime enableVersionHeader="false" />
</system.web>
<system.webServer>
<httpProtocol>
 <customHeaders>
<add name="Strict-Transport-Security" value="778000; includeSubdomains" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="X-Permitted-Cross-Domain-Policies" value="none" />
<add name="X-XSS-Protection" value="1; mode=block" />
<add name="Cache-Control" value="no-store" />
<add name="Pragma" value="no-cache" />
<remove name="X-Powered-By" />
 </customHeaders>
</httpProtocol>
</system.webServer>
</Config>


Comments

Post a Comment

Popular posts from this blog

SharePoint 2013: Error updating managed account credentials

I encountered the following message when trying to change a password for a managed account: Error deploying administration application pool credentials. Another deployment may be active. An object of the type Microsoft.SharePoint.Administration.SPAdminAppPoolCredentialDeploymentJobDefinition named "job-admin-apppool-change" already exists under the parent Microsoft.SharePoint.Administration.SPTimerService named "SPTimerV4".  Rename your object or delete the existing object. The error message is self explanatory - Rename your object or delete the existing object.  I choose the latter. Powershell to the rescue. $job = Get-SPTimerJob -Identity "job-admin-apppool-change" $job.Delete() Reset the password and all should be good.
Read more

How can I call a JIRA api through Powershell?

 Navigate to https://id.atlassian.com/manage-profile/security/api-tokens and create an API token Then use the following code: $pair = "me@example.com:<My token here>" $bytes = [System.Text.Encoding]::ASCII.GetBytes($pair) $base64 = [System.Convert]::ToBase64String($bytes) $basicAuthValue = "Basic $base64" $headers = @{ Authorization = $basicAuthValue } $json = Invoke-RestMethod -Uri "https://<mydomain>.atlassian.net/rest/api/3/search?jql= <jql here>" -Method Get -Headers $headers
Read more