From d2c59399c459975f2b10a3d216a9d99fec9d2449 Mon Sep 17 00:00:00 2001 From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Mon, 16 Sep 2024 09:41:48 -0400 Subject: [PATCH] Clarify middleware activation --- aspnetcore/fundamentals/middleware/index.md | 2 +- .../fundamentals/middleware/index/includes/index3-7.md | 6 +++--- aspnetcore/release-notes/aspnetcore-2.1.md | 4 ++-- aspnetcore/security/enforcing-ssl.md | 2 +- .../security/enforcing-ssl/includes/enforcing-ssl6-8.md | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/aspnetcore/fundamentals/middleware/index.md b/aspnetcore/fundamentals/middleware/index.md index c00d173d5140..3483feb48b3a 100644 --- a/aspnetcore/fundamentals/middleware/index.md +++ b/aspnetcore/fundamentals/middleware/index.md @@ -150,7 +150,7 @@ The following `Program.cs` code adds middleware components for common app scenar * When the app runs in the Production environment: * Exception Handler Middleware () catches exceptions thrown in the following middlewares. * HTTP Strict Transport Security Protocol (HSTS) Middleware () adds the `Strict-Transport-Security` header. -1. HTTPS Redirection Middleware () redirects HTTP requests to HTTPS. +1. HTTPS Redirection Middleware () redirects HTTP requests to HTTPS if an HTTPS port is available. 1. Static File Middleware () returns static files and short-circuits further request processing. 1. Cookie Policy Middleware () conforms the app to the EU General Data Protection Regulation (GDPR) regulations. 1. Routing Middleware () to route requests. diff --git a/aspnetcore/fundamentals/middleware/index/includes/index3-7.md b/aspnetcore/fundamentals/middleware/index/includes/index3-7.md index 19f57df6aff4..a2d8b1d90dfc 100644 --- a/aspnetcore/fundamentals/middleware/index/includes/index3-7.md +++ b/aspnetcore/fundamentals/middleware/index/includes/index3-7.md 
@@ -116,7 +116,7 @@ The following `Program.cs` code adds middleware components for common app scenar * When the app runs in the Production environment: * Exception Handler Middleware () catches exceptions thrown in the following middlewares. * HTTP Strict Transport Security Protocol (HSTS) Middleware () adds the `Strict-Transport-Security` header. -1. HTTPS Redirection Middleware () redirects HTTP requests to HTTPS. +1. HTTPS Redirection Middleware () redirects HTTP requests to HTTPS if an HTTPS port is available. 1. Static File Middleware () returns static files and short-circuits further request processing. 1. Cookie Policy Middleware () conforms the app to the EU General Data Protection Regulation (GDPR) regulations. 1. Routing Middleware () to route requests. @@ -393,7 +393,7 @@ The following `Program.cs` code adds middleware components for common app scenar * When the app runs in the Production environment: * Exception Handler Middleware () catches exceptions thrown in the following middlewares. * HTTP Strict Transport Security Protocol (HSTS) Middleware () adds the `Strict-Transport-Security` header. -1. HTTPS Redirection Middleware () redirects HTTP requests to HTTPS. +1. HTTPS Redirection Middleware () redirects HTTP requests to HTTPS if an HTTPS port is available. 1. Static File Middleware () returns static files and short-circuits further request processing. 1. Cookie Policy Middleware () conforms the app to the EU General Data Protection Regulation (GDPR) regulations. 1. Routing Middleware () to route requests. 
@@ -652,7 +652,7 @@ The following `Startup.Configure` method adds middleware components for common a * When the app runs in the Production environment: * Exception Handler Middleware () catches exceptions thrown in the following middlewares. * HTTP Strict Transport Security Protocol (HSTS) Middleware () adds the `Strict-Transport-Security` header. -1. HTTPS Redirection Middleware () redirects HTTP requests to HTTPS. +1. HTTPS Redirection Middleware () redirects HTTP requests to HTTPS if an HTTPS port is available. 1. Static File Middleware () returns static files and short-circuits further request processing. 1. Cookie Policy Middleware () conforms the app to the EU General Data Protection Regulation (GDPR) regulations. 1. Routing Middleware () to route requests. diff --git a/aspnetcore/release-notes/aspnetcore-2.1.md b/aspnetcore/release-notes/aspnetcore-2.1.md index f3cfe9ac952f..6d0f95f96a46 100644 --- a/aspnetcore/release-notes/aspnetcore-2.1.md +++ b/aspnetcore/release-notes/aspnetcore-2.1.md 
@@ -58,9 +58,9 @@ Run `dotnet dev-certs https --trust` to trust the certificate. ### HTTPS redirection and enforcement -Web apps typically need to listen on both HTTP and HTTPS, but then redirect all HTTP traffic to HTTPS. In 2.1, specialized HTTPS redirection middleware that intelligently redirects based on the presence of configuration or bound server ports has been introduced. +Web apps typically need to listen on both HTTP and HTTPS, but then redirect all HTTP traffic to HTTPS. In 2.1, specialized HTTPS Redirection Middleware that intelligently redirects if an HTTPS port is available based on the presence of configuration or bound server ports has been introduced. -Use of HTTPS can be further enforced using [HTTP Strict Transport Security Protocol (HSTS)](xref:security/enforcing-ssl#http-strict-transport-security-protocol-hsts). HSTS instructs browsers to always access the site via HTTPS. ASP.NET Core 2.1 adds HSTS middleware that supports options for max age, subdomains, and the HSTS preload list. +Use of HTTPS can be further enforced using [HTTP Strict Transport Security Protocol (HSTS)](xref:security/enforcing-ssl#http-strict-transport-security-protocol-hsts). HSTS instructs browsers to always access the site via HTTPS. ASP.NET Core 2.1 adds HSTS Middleware that supports options for max age, subdomains, and the HSTS preload list. ### Configuration for production diff --git a/aspnetcore/security/enforcing-ssl.md b/aspnetcore/security/enforcing-ssl.md index 4bab77c904a2..8fb3e9786393 100644 --- a/aspnetcore/security/enforcing-ssl.md +++ b/aspnetcore/security/enforcing-ssl.md 
@@ -47,7 +47,7 @@ API projects can reject HTTP requests rather than use `UseHttpsRedirection` to r We recommend that production ASP.NET Core web apps use: -* HTTPS Redirection Middleware () to redirect HTTP requests to HTTPS. +* HTTPS Redirection Middleware () to redirect HTTP requests to HTTPS if an HTTPS port is available. * HSTS Middleware ([UseHsts](#http-strict-transport-security-protocol-hsts)) to send HTTP Strict Transport Security Protocol (HSTS) headers to clients. > [!NOTE] diff --git a/aspnetcore/security/enforcing-ssl/includes/enforcing-ssl6-8.md b/aspnetcore/security/enforcing-ssl/includes/enforcing-ssl6-8.md index 73bdb96c075c..0806ff9bd37a 100644 --- a/aspnetcore/security/enforcing-ssl/includes/enforcing-ssl6-8.md +++ b/aspnetcore/security/enforcing-ssl/includes/enforcing-ssl6-8.md @@ -29,7 +29,7 @@ API projects can reject HTTP requests rather than use `UseHttpsRedirection` to r We recommend that production ASP.NET Core web apps use: -* HTTPS Redirection Middleware () to redirect HTTP requests to HTTPS. +* HTTPS Redirection Middleware () to redirect HTTP requests to HTTPS if an HTTPS port is available. * HSTS Middleware ([UseHsts](#http-strict-transport-security-protocol-hsts)) to send HTTP Strict Transport Security Protocol (HSTS) headers to clients. > [!NOTE] @@ -689,7 +689,7 @@ In some cases, group policy may prevent self-signed certificates from being trus We recommend that production ASP.NET Core web apps use: -* HTTPS Redirection Middleware () to redirect HTTP requests to HTTPS. +* HTTPS Redirection Middleware () to redirect HTTP requests to HTTPS if an HTTPS port is available. * HSTS Middleware ([UseHsts](#http-strict-transport-security-protocol-hsts)) to send HTTP Strict Transport Security Protocol (HSTS) headers to clients. > [!NOTE]
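Review bot: In the `index.md` hunk and the three `index3-7.md` hunks, the changed list item "redirects HTTP requests to HTTPS if an HTTPS port is available" states the condition but not the outcome when it is not met. A reader walking the ordered pipeline list cannot tell from this line what happens to an HTTP request when no HTTPS port is available. Suggest completing the item with that outcome, or linking the phrase "if an HTTPS port is available" to the section that explains how the port is determined.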
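Review bot: In the `aspnetcore-2.1.md` hunk, the rewritten sentence chains two qualifiers ("intelligently redirects if an HTTPS port is available based on the presence of configuration or bound server ports"), and it is unclear whether "based on" attaches to the redirect or to the port being available. Suggest a single condition, for example "redirects HTTP requests when an HTTPS port is available from configuration or bound server ports", and dropping "intelligently" now that the condition is spelled out.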
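Review bot: In the `enforcing-ssl.md` hunk and both `enforcing-ssl6-8.md` hunks, the changed bullet sits under "We recommend that production ASP.NET Core web apps use:", so the new qualifier "if an HTTPS port is available" makes the production recommendation conditional without telling the reader how to satisfy the condition. Since this is the security guidance page, suggest adding a pointer in the bullet to where the HTTPS port is configured, so a reader does not come away assuming that calling `UseHttpsRedirection` is enough on its own to enforce HTTPS.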