cancel
Showing results for 
Search instead for 
Did you mean: 

Swagger doesn't like <requestFiltering removeServerHeader="true" /> in web.config

SOLVED
rgordey
New Contributor

Swagger doesn't like <requestFiltering removeServerHeader="true" /> in web.config

Swagger stops working with <requestFiltering removeServerHeader="true" /> in web.config.

 

Brand new Asp.net Core API (5.0.8) with Swagger. I am trying to follow The ASP.NET Core security headers guide

 

Is this web article incorrect or out-of-date?

 

My working web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>

  <!-- To customize the asp.net core module uncomment and edit the following section. 
  For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->

  <system.webServer>
    <httpProtocol>
      <customHeaders>        
        <add name="X-Content-Type-Options" value="nosniff" />         
        <remove name="X-Powered-By" />
        <!--
        <requestFiltering removeServerHeader="true" />
       -->
      </customHeaders>
    </httpProtocol>
  </system.webServer>

</configuration>

 

1 ACCEPTED SOLUTION

Accepted Solutions
rgordey
New Contributor

Re: Swagger doesn't like <requestFiltering removeServerHeader="true" /> in web.confi

I had the line in the wrong section. New web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>

  <!-- To customize the asp.net core module uncomment and edit the following section. 
  For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->
  
  <system.webServer>
    <directoryBrowse enabled="false" />
    <security>
      <requestFiltering removeServerHeader="true" />
    </security>
    <httpProtocol>
      <customHeaders>
        <add name="X-Content-Type-Options" value="nosniff" />
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>

</configuration>

View solution in original post

1 REPLY 1
rgordey
New Contributor

Re: Swagger doesn't like <requestFiltering removeServerHeader="true" /> in web.confi

I had the line in the wrong section. New web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>

  <!-- To customize the asp.net core module uncomment and edit the following section. 
  For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->
  
  <system.webServer>
    <directoryBrowse enabled="false" />
    <security>
      <requestFiltering removeServerHeader="true" />
    </security>
    <httpProtocol>
      <customHeaders>
        <add name="X-Content-Type-Options" value="nosniff" />
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>

</configuration>

View solution in original post

New Here?
Join us and watch the welcome video: