Describe the bug
After deployment in DEV environment, hitting the swagger url of the app displays a blank page.
Pressing F12 shows the following error message in the browser console:
"Refused to send form data to 'https://adfsdev.blegrid.net/adfs/oauth2/authorize/' because it violates the following Content Security Policy directive: "form-action 'self'"."
To Reproduce
Deploy any yarp generated with same guidance in DEV/TEST/ACC/PROD and just hit your swagger facade.
Expected behavior
Authentication must succeed and the swagger page must display correctly.
Desktop (please complete the following information):
Visual Studio Version [e.g. 17.5.4]
Guidance Version [e.g. 2022.2.1.12]
Additional context
WORKAROUND
In file SecurityHeaderCSP (in project Yarp / Host / Infrastructure folder), do not call the extension method AddDefaultSecurityHeaders().
Instead, copy the content of this method locally and comment out the call to method AddFormAction().Self() - it is configured below in this file. It looks like double configuration is not supported. This issue does not happen in the Development environment because the code of the extension method is bypassed for that environment.
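
An added example, not part of the original report or the project's code: a Node.js check that tells whether a form post to the ADFS authorize endpoint from the console error is allowed by a response's Content-Security-Policy header values. The gateway page URL is a constructed placeholder, the function names are hypothetical, and source matching is simplified (paths are ignored).

```javascript
// Added example, not the project's code. Simplified CSP source matching:
// scheme, host (leading "*." wildcard) and port are compared; paths are ignored.
const DEFAULT_PORT = { "http:": "80", "https:": "443" };

function parsePolicy(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A directive repeated inside one policy is ignored: the first one wins.
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function sourceMatches(source, target, self) {
  const s = source.toLowerCase();
  if (s === "'self'") return target.origin === self.origin;
  if (s.startsWith("'")) return false; // 'none' and other keywords match no URL
  if (s === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.protocol === s; // e.g. "https:"
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?(\/.*)?$/.exec(s);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  // Simplification: a scheme-less source is tied to the page's own scheme.
  if (target.protocol !== (scheme ? scheme + ":" : self.protocol)) return false;
  const hostOk = wildcard ? target.hostname.endsWith("." + host) : target.hostname === host;
  const targetPort = target.port || DEFAULT_PORT[target.protocol];
  const portOk = port === "*" || targetPort === (port || DEFAULT_PORT[target.protocol]);
  return hostOk && portOk;
}

// headerValues: one string per Content-Security-Policy header in the response.
function formActionAllowed(headerValues, targetUrl, pageUrl) {
  const target = new URL(targetUrl);
  const self = new URL(pageUrl);
  // Each delivered policy is enforced on its own, so every one must allow the target.
  return headerValues.every((value) => {
    const sources = parsePolicy(value).get("form-action");
    if (sources === undefined) return true; // form-action does not fall back to default-src
    return sources.some((src) => sourceMatches(src, target, self));
  });
}

const PAGE = "https://gateway.example.test/swagger/index.html"; // constructed placeholder
const ADFS = "https://adfsdev.blegrid.net/adfs/oauth2/authorize/"; // from the console error
console.log(formActionAllowed(["form-action 'self'"], ADFS, PAGE));
console.log(formActionAllowed(["form-action 'self' https://adfsdev.blegrid.net"], ADFS, PAGE));
```

Feed it the header values captured from the deployed facade's response; if more than one Content-Security-Policy header is present, every one of them has to list the ADFS origin in form-action.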