Forum Discussion

rgordey's avatar
rgordey
New Contributor
3 years ago
Solved

Swagger doesn't like <requestFiltering removeServerHeader="true" /> in web.config

Swagger stops working with <requestFiltering removeServerHeader="true" /> in web.config.   Brand new Asp.net Core API (5.0.8) with Swagger. I am trying to follow The ASP.NET Core security headers g...
Swagger Codegen
Swagger Core
Swagger UI
  • rgordey's avatar
    rgordey
    3 years ago

    I had the line in the wrong section. New web.config:

    <?xml version="1.0" encoding="utf-8"?>
<configuration>

  <!-- To customize the asp.net core module uncomment and edit the following section. 
  For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->
  
  <system.webServer>
    <directoryBrowse enabled="false" />
    <security>
      <requestFiltering removeServerHeader="true" />
    </security>
    <httpProtocol>
      <customHeaders>
        <add name="X-Content-Type-Options" value="nosniff" />
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>

</configuration>
rgordey's avatar
rgordey
New Contributor
3 years ago

I had the line in the wrong section. New web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>

  <!-- To customize the asp.net core module uncomment and edit the following section. 
  For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->
  
  <system.webServer>
    <directoryBrowse enabled="false" />
    <security>
      <requestFiltering removeServerHeader="true" />
    </security>
    <httpProtocol>
      <customHeaders>
        <add name="X-Content-Type-Options" value="nosniff" />
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>

</configuration>