asp.netkubernetesazure-aksazure-service-fabrichsts

The `UseHsts` stopped appending the `Strict-Transport-Security` header after the migration from Service Fabric to K8S. How to fix it?


The UseHsts stopped appending the Strict-Transport-Security header after the migration from Service Fabric to K8S. How to fix it?

I am using the .NET 6. I tried debugging to see if the UseHsts gets called. Also, I double checked that doing exactly the same deployment to Service Fabric result in a running app which returns the header.

I spent a probably 5 hours now and was not able to come up with anything. I found this, but it seems to be about enabling the HSTS at the Azure level, while I would like to enable it using the tools at the application level.


Solution

  • There is a version of UseHsts in IApplicationBuilder which doesn't work. You have to use UseHsts from NWebsec.AspNetCore.Middleware in order for this to work.