![]() The default API projects don't include HSTS because HSTS is generally a browser only instruction. For more information, see Use multiple environments in ASP.NET Core and 5 ways to set the URLs for an ASP.NET Core app by Andrew Lock. To disable HTTP redirection in an API, set the ASPNETCORE_URLS environment variable or use the -urls command line flag. Close the connection with status code 400 (Bad Request) and not serve the request.Such clients may send information over HTTP. API clients may not understand or obey redirects from HTTP to HTTPS. RequireHttpsAttribute uses HTTP status codes to redirect browsers from HTTP to HTTPS. If I manually create the RedirectionMode key and then re-launch Edge, it correctly follows the policy and sets RedirectionMode to 0.Do not use RequireHttpsAttribute on Web APIs that receive sensitive information. If the BHO doesn't find the key, the default is to redirect. Further digging shows that the HKEY_CURRENT_USER\Software\Microsoft\Edge\IEToEdge | RedirectionMode key, which is what the BHO itself uses, is not being created nor set to 0 when the policy is read by Edge. While "Never" is displayed correctly in Edge settings, it doesn't work. Remember, we had no way to fully test this prior to the 87 release since we're domain-joined. We also added the RedirectSitesFromInternetExplorerRedirectMode policy, again before the 87 release, just to cover our bases. ![]() ![]() This isn't documented in the release notes or the ADMX itself, but it's logical since the installer/updater typically runs as system. While the RedirectSitesFromInternetExplorerPreventBHOInstall policy appears in the User Config, it looks like it fails because the setup doesn't detect the setting unless it's set in the Computer Config. We generally prefer to add settings to the ADMX User Configuration, since it makes exceptions easier to manage. We implemented both policies prior to the Edge 87 release.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |