Created
October 23, 2016 11:52
-
-
Save cakriwut/de3fb3fba489cfdf1b3558c1a4b447c4 to your computer and use it in GitHub Desktop.
Custom HTTP Module to sanitize SharePoint response header
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Text; | |
| using System.Web; | |
| namespace Custom.ServerModules | |
| { | |
| public class CustomHttpHeaderModule : IHttpModule | |
| { | |
| public void Init(HttpApplication context) | |
| { | |
| context.PreSendRequestHeaders += OnPreSendRequestHeaders; | |
| } | |
| public void Dispose() | |
| { | |
| } | |
| void OnPreSendRequestHeaders(object sender, EventArgs e) | |
| { | |
| TryRemoveResponseHeader("Server"); | |
| TryRemoveResponseHeader("X-AspNet-Version"); | |
| TryRemoveResponseHeader("X-SharePointHealthScore"); | |
| TryRemoveResponseHeader("SPRequestGuid"); | |
| TryRemoveResponseHeader("X-Powered-By"); | |
| TryRemoveResponseHeader("MicrosoftSharePointTeamServices"); | |
| TryRemoveResponseHeader("SPIisLatency"); | |
| TryRemoveResponseHeader("SPRequestDuration"); | |
| TryRemoveResponseHeader("X-MS-InvokeApp"); | |
| // Add header | |
| HttpContext.Current.Response.AddHeader("X-Xss-Protection","1; mode=block"); | |
| } | |
| private void TryRemoveResponseHeader(String header){ | |
| try { | |
| var isExists = HttpContext.Current.Response.Headers[header] != null; | |
| if(isExists) | |
| HttpContext.Current.Response.Headers.Remove(header); | |
| } catch{} | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment