View Source

Class HstsCheck

Health check for the recommended production setup regarding the Strict-Transport-Security header.

Inheritance
System.Object
HealthCheck
BaseHttpHeaderCheck
Namespace: Umbraco.Cms.Core.HealthChecks.Checks.Security
Assembly: Umbraco.Core.dll
Syntax
public class HstsCheck : BaseHttpHeaderCheck, IDiscoverable

Constructors

View Source

HstsCheck(IHostingEnvironment, ILocalizedTextService)

Initializes a new instance of the HstsCheck class.

Declaration
public HstsCheck(IHostingEnvironment hostingEnvironment, ILocalizedTextService textService)
Parameters
Type Name Description
IHostingEnvironment hostingEnvironment
ILocalizedTextService textService
Remarks

The check is mostly based on the instructions in the OWASP CheatSheet (https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.md) and the blog post of Troy Hunt (https://www.troyhunt.com/understanding-http-strict-transport/) If you want do to it perfectly, you have to submit it https://hstspreload.org/, but then you should include subdomains and I wouldn't suggest to do that for Umbraco-sites.

Properties

View Source

Gets a link to an external read more page.

Declaration
protected override string ReadMoreLink { get; }
Property Value
Type Description
System.String

Methods

View Source

CheckForHeader()

The health check task.

Declaration
protected async Task<HealthCheckStatus> CheckForHeader()
Returns
Type Description
Task<HealthCheckStatus>

A with the result type reversed on localhost.
View Source

GetStatus()

Get the status for this health check

Declaration
public override async Task<IEnumerable<HealthCheckStatus>> GetStatus()
Returns
Type Description
Task<IEnumerable<HealthCheckStatus>>