Add Content-Security-Policy (CSP) health check #16830

Merged
lauraneto merged 3 commits into umbraco:contrib from erikjanwestendorp:add-csp-check
Aug 12, 2024

Conversation

@erikjanwestendorp (Contributor) commented Jul 26, 2024

Added a health check to see if a CSP header is present.

When present:
[screenshot: health check passing]

If not:
[screenshot: health check failing]

This can be tested by adding a CSP header and running the health checks:

// Test-only middleware: appends a CSP header to every response so the health check has something to find.
app.Use(async (context, next) =>
{
    context.Response.Headers.Append("Content-Security-Policy", "default-src 'self' www.gravatar.com; script-src 'self' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: i.ytimg.com dashboard.umbraco.com; font-src 'self' data:; connect-src 'self'; media-src 'self'; frame-src 'self';");
    await next();
});
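As an added example (not code from this PR or from Umbraco), the following Python shows what the health check verifies and goes one step beyond the presence test the PR describes: it parses the CSP value from the test middleware above into its directives and flags sources that weaken the policy. `SAMPLE_CSP` is copied from that middleware; the header dictionaries are constructed, and the case-insensitive header lookup is an assumption about how such a check should behave, not a statement about the PR's implementation.

```python
"""Presence check and directive parse for a Content-Security-Policy header.

Added example, not part of the Umbraco PR. Sample inputs are constructed.
"""
from dataclasses import dataclass, field

# Constructed sample: the CSP value used by the PR description's test middleware.
SAMPLE_CSP = (
    "default-src 'self' www.gravatar.com; "
    "script-src 'self' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com; "
    "style-src 'self' 'unsafe-inline'; "
    "img-src 'self' data: blob: i.ytimg.com dashboard.umbraco.com; "
    "font-src 'self' data:; connect-src 'self'; media-src 'self'; frame-src 'self';"
)

# Source expressions that largely defeat the point of the directive they appear in.
WEAK_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*"}


@dataclass
class CspReport:
    present: bool
    directives: dict = field(default_factory=dict)
    warnings: list = field(default_factory=list)


def parse_csp(value: str) -> dict:
    """Split a CSP header value into {directive-name: [source, ...]}.

    Directive names are case-insensitive; source expressions keep their case.
    A repeated directive is ignored after its first occurrence, which is how
    browsers treat duplicates.
    """
    directives = {}
    for chunk in value.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue  # empty chunk, e.g. from the trailing ';'
        name, sources = tokens[0].lower(), tokens[1:]
        directives.setdefault(name, sources)
    return directives


def check_csp(headers: dict) -> CspReport:
    """Reproduce the presence test (assumed case-insensitive header lookup),
    then flag weak sources in the directives that govern script and style."""
    lookup = {k.lower(): v for k, v in headers.items()}
    value = lookup.get("content-security-policy")
    if value is None:
        return CspReport(present=False,
                         warnings=["Content-Security-Policy header not set"])
    report = CspReport(present=True, directives=parse_csp(value))
    for name in ("script-src", "style-src", "default-src"):
        for src in report.directives.get(name, []):
            if src in WEAK_SOURCES:
                report.warnings.append(f"{name} allows {src}")
    return report


if __name__ == "__main__":
    # Constructed header sets: one with the sample policy, one without any CSP.
    for hdrs in ({"Content-Security-Policy": SAMPLE_CSP}, {"X-Frame-Options": "DENY"}):
        r = check_csp(hdrs)
        print("present" if r.present else "missing", r.warnings)
```

Run stand-alone it reports the sample policy as present but warns about `'unsafe-eval'` in `script-src` and `'unsafe-inline'` in `style-src`, and reports the second header set as missing the header entirely; the presence result is the part that corresponds to the PR's check.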

github-actions bot commented Jul 26, 2024

Hi there @erikjanwestendorp, thank you for this contribution! 👍

While we wait for one of the Core Collaborators team to have a look at your work, we wanted to let you know that we have a checklist for some of the things we will consider during review:

  • It's clear what problem this is solving, there's a connected issue or a description of what the changes do and how to test them
  • The automated tests all pass (see "Checks" tab on this PR)
  • The level of security for this contribution is the same or improved
  • The level of performance for this contribution is the same or improved
  • Avoids creating breaking changes; note that behavioral changes might also be perceived as breaking
  • If this is a new feature, Umbraco HQ provided guidance on the implementation beforehand
  • 💡 The contribution looks original and the contributor is presumably allowed to share it

Don't worry if you got something wrong. We like to think of a pull request as the start of a conversation, we're happy to provide guidance on improving your contribution.

If you realize that you might want to make some changes then you can do that by adding new commits to the branch you created for this work and pushing new commits. They should then automatically show up as updates to this pull request.

Thanks, from your friendly Umbraco GitHub bot 🤖 🙂

@lauraneto (Contributor) commented:

Hi @erikjanwestendorp ,
Thank you for the pull request! 🙌
One of the Core Collaborators team members will review it soon.

@lauraneto lauraneto self-assigned this Aug 9, 2024
[Obsolete("This link is not used anymore in the XSS protected check.")]
public const string XssProtectionCheck = "https://umbra.co/healthchecks-xss-protection";
public const string ExcessiveHeadersCheck = "https://umbra.co/healthchecks-excessive-headers";
public const string CspHeaderCheck = "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP";
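Review bot: `CspHeaderCheck` links straight to the MDN CSP page, while the neighbouring constants (`XssProtectionCheck`, `ExcessiveHeadersCheck`) use `https://umbra.co/...` redirect links; an umbra.co link for this check would let the target be repointed (for instance at an Umbraco docs guide once one exists) without a code change. Minor: the `[Obsolete]` message says "XSS protected check"; "XSS protection check" matches the constant's name.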
@lauraneto (Contributor) reviewed these lines:
Would be nice if you (or someone else) could also add a page to the umbraco docs (like the others, e.g. https://docs.umbraco.com/umbraco-cms/extending/health-check/guides/clickjackingprotection). 🙂

@erikjanwestendorp (Contributor, Author) replied:

@lauraneto Totally agree, I just created an issue and I will add a page to the docs.

erikjanwestendorp and others added 2 commits August 9, 2024 14:38
Co-authored-by: Laura Neto <12862535+lauraneto@users.noreply.github.com>
Co-authored-by: Laura Neto <12862535+lauraneto@users.noreply.github.com>
@lauraneto (Contributor) commented:

This is now merged!
Thanks again @erikjanwestendorp for your many contributions 🙌
