问题
I have some custom HTTP response headers defined in an ASP.NET (Web Forms) website's web.config.
I'm trying to write a managed HTTP module that can modify these web.config defined headers before they're sent back to the client. Unfortunately, whatever event I use (PreSendRequestHeaders, EndRequest) , the headers defined in web.config do not exist in the Response.Headers collection.
I'm aware that PreSendRequestHeaders is not recommended so I also tried using Response.AddOnSendingHeaders but this doesn't give me access to the headers either.
Specifically what I'm trying to do is address inline script for our Content Security Policy (CSP). I'd like to automatically add a nonce attribute to all inline script blocks (I have a working POC for this) and then modify the HTTP CSP header (defined in web.config) to add the 'nonce-' items into the script-src section.
I don't want to add the CSP header in code because it changes often enough that recompile and publish of the website would be a pain.
Do I need to resort to a native IIS module to achieve this or is there some way to do it using managed code (preferred)?
来源:https://stackoverflow.com/questions/49128302/how-can-i-modify-http-headers-in-asp-net-web-forms-that-are-defined-in-web-con