Forum Discussion

rgordey
New Contributor
3 years ago
Solved

Swagger doesn't like <requestFiltering removeServerHeader="true" /> in web.config

Swagger stops working with <requestFiltering removeServerHeader="true" /> in web.config.

 

Brand new ASP.NET Core API (5.0.8) with Swagger. I am trying to follow The ASP.NET Core security headers guide.

Is this web article incorrect or out-of-date?

 

My working web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>

  <!-- To customize the asp.net core module uncomment and edit the following section. 
  For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->

  <system.webServer>
    <httpProtocol>
      <customHeaders>        
        <add name="X-Content-Type-Options" value="nosniff" />         
        <remove name="X-Powered-By" />
        <!--
        <requestFiltering removeServerHeader="true" />
       -->
      </customHeaders>
    </httpProtocol>
  </system.webServer>

</configuration>

 


1 Reply

  • rgordey
    New Contributor

    I had the line in the wrong section. New web.config:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
    
      <!-- To customize the asp.net core module uncomment and edit the following section. 
      For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->
      
      <system.webServer>
        <directoryBrowse enabled="false" />
        <security>
          <requestFiltering removeServerHeader="true" />
        </security>
        <httpProtocol>
          <customHeaders>
            <add name="X-Content-Type-Options" value="nosniff" />
            <remove name="X-Powered-By" />
          </customHeaders>
        </httpProtocol>
      </system.webServer>
    
    </configuration>
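
The placement fix in the reply can be checked automatically before deployment. The following is an added example, not code from the thread or from any project: a Python lint that confirms `requestFiltering` sits under `system.webServer/security` and that `customHeaders` contains only `add`, `remove` or `clear` entries. The function name `check_web_config` and the sample strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed inputs mirroring the thread: same headers, requestFiltering in two places.
HEADERS = ('<add name="X-Content-Type-Options" value="nosniff" />'
           '<remove name="X-Powered-By" />')
RF = '<requestFiltering removeServerHeader="true" />'
TEMPLATE = ('<?xml version="1.0" encoding="utf-8"?><configuration><system.webServer>'
            '{security}<httpProtocol><customHeaders>{headers}</customHeaders>'
            '</httpProtocol></system.webServer></configuration>')
MISPLACED = TEMPLATE.format(security="", headers=HEADERS + RF)
CORRECTED = TEMPLATE.format(security="<security>" + RF + "</security>", headers=HEADERS)
RF_PATH = "system.webServer/security/requestFiltering"

def check_web_config(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    parent = {child: p for p in root.iter() for child in p}
    findings = []
    def path(el):
        parts = []
        while el is not None:
            parts.append(el.tag)
            el = parent.get(el)
        return "/".join(reversed(parts))
    # removeServerHeader only counts when requestFiltering sits under <security>.
    server_header_removed = False
    for el in root.iter("requestFiltering"):
        if not path(el).endswith(RF_PATH):
            findings.append("requestFiltering misplaced at " + path(el))
        elif el.get("removeServerHeader", "").lower() == "true":
            server_header_removed = True
    if not server_header_removed:
        findings.append("Server header is not removed")
    # customHeaders takes only add/remove/clear; collect what it sets and strips.
    added, removed = {}, set()
    for el in root.iter("customHeaders"):
        for child in el:
            name = child.get("name", "").lower()
            if child.tag == "add":
                added[name] = child.get("value", "")
            elif child.tag == "remove":
                removed.add(name)
            elif child.tag != "clear":
                findings.append("unexpected <%s> inside customHeaders" % child.tag)
    if added.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff is not set")
    if "x-powered-by" not in removed:
        findings.append("X-Powered-By is not removed")
    return findings
```

Run against the first web.config in the thread (line commented out), it reports only that the Server header is not removed, since XML comments are ignored by the parser.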