From 63cddc4ab0f9e985d9bee25a452f02f55182392b Mon Sep 17 00:00:00 2001
From: "DESKTOP-GENO133\\IvanPlex"
Date: Mon, 18 Mar 2024 09:18:05 -0600
Subject: [PATCH] fixed security vulnerability.
---
 Program.cs | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/Program.cs b/Program.cs
index eab5fd5..f7bed71 100644
--- a/Program.cs
+++ b/Program.cs
@@ -107,7 +107,21 @@ var app = builder.Build();
 // Configure the HTTP request pipeline.
 app.UseExceptionHandler("/Home/Error");
-app.UseStaticFiles();
+
+app.UseStaticFiles(new StaticFileOptions
+{
+ OnPrepareResponse = ctx =>
+ {
+ if (ctx.Context.Request.Path.StartsWithSegments("/images") || ctx.Context.Request.Path.StartsWithSegments("/documents"))
+ {
+ ctx.Context.Response.Headers.Add("Cache-Control", "no-store");
+ if (!ctx.Context.User.Identity.IsAuthenticated)
+ {
+ ctx.Context.Response.Redirect("/Login");
+ }
+ }
+ }
+});
 app.UseRouting();
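Review bot: The redirect inside `OnPrepareResponse` does not stop the file from being served: the static file middleware invokes this callback once it has already decided to serve the file and then still writes the body, so an unauthenticated request to `/images` or `/documents` receives a 302 status with the protected content attached. In addition, `UseStaticFiles` sits before `UseRouting` and no `UseAuthentication` call is visible above it in the hunk; if authentication is registered later in the pipeline, `ctx.Context.User` is not yet populated here and the check fails for every caller. The check belongs in a middleware that runs after authentication and before the static file middleware and returns without calling `next`, as sketched below. `Headers.Add` should also become an indexer assignment so an already-present `Cache-Control` header cannot throw, and `Identity` should be null-checked.

```csharp
// … unchanged: app.UseExceptionHandler("/Home/Error"); …

// Must run before the check so HttpContext.User is populated;
// if it is currently registered further down, move it here.
app.UseAuthentication();

app.Use(async (context, next) =>
{
    var path = context.Request.Path;
    var isProtected = path.StartsWithSegments("/images") || path.StartsWithSegments("/documents");
    if (isProtected && context.User.Identity?.IsAuthenticated != true)
    {
        context.Response.Redirect("/Login");
        return; // short-circuit: the static file middleware never runs, so no file body is written
    }

    await next(context);
});

app.UseStaticFiles(new StaticFileOptions
{
    OnPrepareResponse = ctx =>
    {
        // … unchanged: /images and /documents path test …
        ctx.Context.Response.Headers["Cache-Control"] = "no-store";
    }
});
```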