Reputation: 7335
How to enforce use of https for Blazor web assembly?
How can I enforce use of ssl secure connection via https for Blazor web assembly?
I tried adding
app.UseHttpsRedirection();
to Startup.cs of a server project (api) but that didnt do anything.
I want to enforce it for both api and client of blazor web assembly app.
EDIT
Since we are going back and forth if an app is secure enough if only API is secured, I would like to rephrase my question. How do I redirect a page from a http to https on initial start of blazor client?
Upvotes: 3
Views: 6353
Answers (2)
Reputation: 21
It cannot be done in code or the config of the Web App. It can however be set in the settings on the server. If you are hosting your App in Azure you can enforce use of HTTPS by setting the "HTTPS Only" setting to true under the "TLS/SSL" category of the App Settings. If you are hosting it elsewhere you will need to change your server web.config file to include a redirect rule (see here: How to force HTTPS using a web.config file).
Upvotes: 1
Reputation: 878
How to enforce SSL on server side is described here: enforcing-ssl
But enforcing it for the client just makes little to no sense and i think there is no way to really force it!
Of cause you could wrap HttpClient to only use https, but there is not a single benefit i could imagine.
Upvotes: 1
Related Questions
- Enforcing Blazor webassembly to use Newtonsoft.Json on client side
- Blazor & Custom Certificates
- Blazor WebAssembly blocks WebApi AllowAnonymous
- Blazor WebAssembly - how to add a "http to https" URL rewrite rule in auto-generated web.config
- Use Blazor with non-http(s) protocol
- Securing Blazor webassembly source
- How to run Blazor WebAssembly locally with https and custom domain?
- Blazor WebAssembly - how to securely consume private/restricted API?
- What is the valid procedure to secure blazor client side app?
- Blazor BaseURI http vs https issue