How to Enable HSTS in Azure Functions?

Question

How to Enable HSTS in Azure Functions?

143 views Asked by RyanDeKock At 23 February 2024 at 09:22

I want to enable HTTP Strict Transport Security (HSTS) on my Azure Function App.

I've added the HSTS configuration settings to the function app's host.json file based on this, but I am not getting the Strict-Transport-Security response header.

This is my host.json file:

{
  "version": "2.0",
  "extensions": {
    "http": {
      "routePrefix": "api",
      "hsts": {
        "isEnabled": true,
        "includeSubDomains": true,
        "maxAge": "365"
      }
    }
  }
}

Original Q&A

There are 1 answers

**Ikhtesam Afrin** · Answer 1 · 2024-02-23T12:07:41+00:00

I have created a .NET6 in process Azure Function App in Azure Portal.

Then I added the HSTS code in host.json file as shown below.

host.json-

{
  "version": "2.0",
  "extensions": {
    "http": {
      "routePrefix": "api",
      "hsts": {
        "isEnabled": true,
        "includeSubDomains": true,
        "maxAge": "365"
      }
    }
  },
  "extensionBundle": {
    "id": "Microsoft.Azure.Functions.ExtensionBundle",
    "version": "[4.*, 5.0.0)"
  }
}

enter image description here

After adding in this way, I am able to see hsts in the response header while invoking the function url. I am using curl -s -D- https://{functionApp_name}.azurewebsites.net/api/HttpTrigger1 command.

enter image description here

TechQA.

How to Enable HSTS in Azure Functions?

There are 1 answers

Related Questions in AZURE

Related Questions in AZURE-FUNCTIONS

Related Questions in HSTS

Popular Questions

Popular Tags

Trending Questions