v1.0.0

Changes in 1.0.0

This marks the first major release of the NetEscapades.AspNetCore.SecurityHeaders. For simplicity, all the changes since 0.24.0 are included below.

Breaking Changes:

Drop support for .NET Standard 2.0, raises minimum framework to .NET Core 3.1 #167, #171
Removed "document header" functionality, in favour of always adding all headers #186
Remove X-XSS-Protection from default headers and mark obsolete #168
Add cross-origin-opener-policy: same-origin to default headers #184
Mark Feature-Policy as obsolete #187
Mark Expect-CT as obsolete #197
Make nonce generation lazy on call to HttpContext.GetNonce() #198
Remove ambient-light-sensor=() from DefaultSecureDirectives() for permissions policy #203 (Thanks @damienbod!)
Update COOP, COEP, and CORP for AddDefaultSecurityHeaders() and AddDefaultApiSecurityHeaders() #204 (Thanks @damienbod)!)
Removes obsolete APIs (#217)

This marks the first major release of the NetEscapades.AspNetCore.SecurityHeaders. For simplicity, all the changes since 0.24.0 are included below.

Breaking Changes:

Drop support for .NET Standard 2.0, raises minimum framework to .NET Core 3.1 #167, #171
Removed "document header" functionality, in favour of always adding all headers #186
Remove X-XSS-Protection from default headers and mark obsolete #168
Add cross-origin-opener-policy: same-origin to default headers #184
Mark Feature-Policy as obsolete #187
Mark Expect-CT as obsolete #197
Make nonce generation lazy on call to HttpContext.GetNonce() #198
Remove ambient-light-sensor=() from DefaultSecureDirectives() for permissions policy #203 (Thanks @damienbod!)
Update COOP, COEP, and CORP for AddDefaultSecurityHeaders() and AddDefaultApiSecurityHeaders() #204 (Thanks @damienbod)!)
Removes obsolete APIs (#217)