Closed mfnaseem closed 6 years ago
Can you elaborate on which code you started with and what additional code you added? I'm trying to understand your steps.
Step1: I followed the exact course from plural sight securing-aspdotnet-core2-oauth2-openid-connect till I can login with IS4 and that redirects back to my website Step2: Included my own template into that solution Step3: after getting the CSP errors I added the Nuget package of NWebSec.AspNetCore.Middleware in Identity layer that resolved the issue till login (authorization), but redirecting back to the Identity project instead of Client Step4: to resolve that I added the same nuget package into Client
So you will need to track down which CSP rules you added (either intentionally or unintentionally) and find out if they're from IdentityServer's CSP from our templates or elsewhere (I suspect it's from elsewhere). And then you'll need to find out how to configure those CSP rules to work with what IdentityServer needs to do on that one rendered page. You should notice we already emit the scipt hash for the script you show above. So I bet some additional CSP is interfering. Not sure, tho.
Thanks brokallen..
I came out from this issue with a little change removed " .FormActions(s => s.Self())" added ".ScriptSources(s => s.UnsafeInline())"
app.UseCsp(opts => opts .BlockAllMixedContent() .StyleSources(s => s.Self()) .StyleSources(s => s.UnsafeInline()) .FontSources(s => s.Self()) .FrameAncestors(s => s.Self()) .ImageSources(s => s.Self()) .ScriptSources(s => s.Self()) .ScriptSources(s => s.UnsafeInline()) );
Thanks!
So all set on this issue? We can close?
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
I'm just creating the new solution by using https://github.com/identityserver/IdentityServer4.QuickStart.UI/tree/release
everything was working fine, but when i tried to add my template it started to give CSP errors
I debugged the application and see that it successfully logs me in, when it goes to redirect it ends up with a CSP error:
plz help me out whats i m missing Thanks!
Identity Startup is below
public void ConfigureServices(IServiceCollection services) { services.AddDbContext(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); }
Client Startup is below
public void ConfigureServices(IServiceCollection services) { // Add framework services. services.AddMvc();
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseExceptionHandler("/Home/Error"); app.UseHsts(); }