v1.1.0: Полный редизайн фронтенда, усиление безопасности и обновление версии

2026-04-21 15:21:18 +03:00
parent b6af5f047c
commit 176f1105ab
18 changed files with 1392 additions and 413 deletions
@@ -32,12 +32,17 @@ builder.Services.AddSingleton<ITelegramBotClient>(sp =>
    return new TelegramBotClient(token);
 });

-// Add Authentication
+// Add Authentication with hardened cookie settings
 builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.LoginPath = "/login";
        options.AccessDeniedPath = "/access-denied";
+        options.Cookie.HttpOnly = true;
+        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+        options.Cookie.SameSite = SameSiteMode.Strict;
+        options.ExpireTimeSpan = TimeSpan.FromDays(7);
+        options.SlidingExpiration = true;
    });

 builder.Services.AddAuthorization();
@@ -58,6 +63,16 @@ if (!app.Environment.IsDevelopment())

 app.UseHttpsRedirection();

+// Security headers middleware
+app.Use(async (context, next) =>
+{
+    context.Response.Headers["X-Content-Type-Options"] = "nosniff";
+    context.Response.Headers["X-Frame-Options"] = "DENY";
+    context.Response.Headers["Referrer-Policy"] = "strict-origin-when-cross-origin";
+    context.Response.Headers["Permissions-Policy"] = "camera=(), microphone=(), geolocation=()";
+    await next();
+});
+
 app.UseAuthentication();
 app.UseAuthorization();
 app.UseAntiforgery();