Closed pampua84 closed 2 years ago
Same for me.
Error: aspnetcore-browser-refresh.js:234 Refused to connect to 'ws://localhost:60519/identityserver/' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
How are you adding your CSP into the headers? If it's in a middleware, make sure it comes after the UseIdentityServer()
middleware so it doesn't overwrite the default CSP that the IdentityServer internal pages generate.
e.g. in Startup.cs
, roughly
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
// other stuff
app.UseIdentityServer();
app.Use((context, next) => {
context.Response.Headers.Add("Content-Security-Policy", "CSP stuff");
return next();
}
// more stuff
}
This organization is not maintained anymore besides critical security bugfixes (if feasible). This organization will be archived when .NET Core 3.1 end of support is reached (3rd Dec 2022). All new development is happening in the new Duende Software organization.
The new Duende IdentityServer comes with a commercial license but is free for dev/testing/personal projects and companies or individuals making less than 1M USD gross annnual revenue. Please get in touch with us if you have any question.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Questions are community supported only and the authors/maintainers may or may not have time to reply. If you or your company would like commercial support, please see here for more information.
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Hi everyone, I have a problem with an application integrating with my IdentityServer4 based IdP. The problem is that when the user logs in to my IdP everything works, but then if I try the flow again and the user is already logged in and therefore the redirect on the application should take place directly without entering the email and password, the application crashes on the endpoint / authorize and in the browser I see this error:
On the old version of IdetityServer 3 there was this functionality:
https://identityserver.github.io/Documentation/docsv2/endpoints/csp.html
and then through the log I could have understood the problem, in version 4 how can I get the same result? Please can you help me? Hope i was clear. Thank you,