Closed ageiter closed 2 weeks ago
Hi @ageiter,
As far as I understand, you added app.UseAbpSecurityHeaders(); before app.UseRouting();. Can you add app.UseAbpSecurityHeaders(); after app.UseRouting(); and try again?
Why are you already closing the issue?
In your default template, this method is called BEFORE UseRouting:
But it seems to work when I push it down.
Please change the template accordingly and make a note in the documentation... https://docs.abp.io/en/abp/latest/UI/AspNetCore/Security-Headers
Thank you for updating the documentation.
Will you also change the template with which a new solution (Blazor Server) can be generated (via ABP Suite)?
I've also updated the templates and they should be fixed in the new version.
Perfect, thanks!
Is there an existing issue for this?
Description
I would like Content-Security-Policy headers to be set. I have implemented this following the documentation, but no such headers are set.
It's a Blazor server app, but that should work there too, right? Does it depend on when I configure this (at which position in the ConfigureServices method)?
Reproduction Steps
No response
Expected behavior
The response header "Content-Security-Policy" is set to the values: object-src 'none'; form-action 'self'; frame-ancestors 'none'
Actual behavior
No response header "Content-Security-Policy" is set
Regression?
No response
Known Workarounds
If I add the header myself, it works:
Version
8.0.4
User Interface
Blazor Server
Database Provider
EF Core (Default)
Tiered or separate authentication server
None (Default)
Operating System
Windows (Default)
Other information
No response
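Added example, not part of the issue thread or of ABP's code: a small check that tells the "Actual behavior" above (no header at all) apart from the "Expected behavior" policy, useful for confirming the result after moving app.UseAbpSecurityHeaders(); below app.UseRouting();. The function names and the sample responses are assumptions constructed for illustration.

```python
from email.parser import Parser

# Policy from the issue's "Expected behavior" section.
EXPECTED_CSP = "object-src 'none'; form-action 'self'; frame-ancestors 'none'"

# Constructed sample responses (not captured from a real application).
RESPONSE_WITHOUT_CSP = "HTTP/1.1 200 OK\nContent-Type: text/html; charset=utf-8\n\n"
RESPONSE_WITH_CSP = (
    "HTTP/1.1 200 OK\n"
    "Content-Type: text/html; charset=utf-8\n"
    "content-security-policy: " + EXPECTED_CSP + "\n\n"
)


def parse_csp(value):
    """Split one CSP header value into {directive: set of source expressions}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A directive repeated within one policy is ignored: first one wins.
            policy.setdefault(tokens[0].lower(), set(tokens[1:]))
    return policy


def check_csp(raw_response, expected=EXPECTED_CSP):
    """Return a list of problems; an empty list means every directive is enforced."""
    text = raw_response.replace("\r\n", "\n")
    if text.startswith("HTTP/"):
        text = text.partition("\n")[2]  # drop the status line
    headers = Parser().parsestr(text, headersonly=True)
    policies = [parse_csp(v) for v in headers.get_all("Content-Security-Policy", [])]
    if not policies:
        if headers.get("Content-Security-Policy-Report-Only"):
            return ["only Content-Security-Policy-Report-Only is set (not enforced)"]
        return ["no Content-Security-Policy header is set"]
    problems = []
    for name, sources in parse_csp(expected).items():
        # Browsers enforce every policy sent, so one matching policy is enough.
        if not any(p.get(name) == sources for p in policies):
            problems.append("directive not enforced: " + name + " " + " ".join(sorted(sources)))
    return problems


if __name__ == "__main__":
    print(check_csp(RESPONSE_WITHOUT_CSP))
    print(check_csp(RESPONSE_WITH_CSP))
```

Feed it the response headers of a page request (for example the output of curl -sI against the running app) and treat a non-empty result as a failed check.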