Hi all,

I'm stumped. I've seen folks with similar issues on the forum, but I've had trouble leveraging those threads for my own case. I'm really new to Umbraco. Here's the middleware class we are using to implement our content security policy. Is there a way to have some kind of conditional that allows us to set different response headers for the frontend and back office. Currently, our back office is unavailable because it violates the csp, so we'd like it to have it's own csp so we can access it again.

namespace FakeNamespace {
public sealed class CustomHeaders
{
    private readonly RequestDelegate _next;

    public CustomHeaders(RequestDelegate next)
    {
        _next = next;
    }

    public async Task InvokeAsync(HttpContext context)
    {
        context.Response.Headers.Add("Access-Control-Allow-Origin", "domain");
        context.Response.Headers.Add("Cache-Control", "stuff");
        context.Response.Headers.Add("X-Content-Type-Options", "stuff");
        context.Response.Headers.Add("X-Frame-Options", "stuff");
        context.Response.Headers.Add("X-Xss-Protection", "stuff");
        context.Response.Headers.Add("Content-Security-Policy", "stuff");

        await _next(context);
    }
}}

This is added to startup.cs like so:

app.UseMiddleware<CustomHeaders>();
app.UseUmbraco()
....