Closed Gillardo closed 8 years ago
@damccull is working on a PR to make it configurable: https://github.com/openiddict/core/pull/38
Excellent!! Glad to hear that, i have tried setting the CSP on the Html page for about an hour, until i realised that this happened once i implemented OpenIddict.
Will watch this space for change
Alright, this feature is ready and awaiting merge. @PinpointTownes should do it soon.
PR merged: https://github.com/openiddict/core/commit/dad1b307b88e20dd9dd3a01c485ddcfbfeff189c :smile:
The updated package should be on MyGet.org soon.
@Gillardo don't hesitate to share your thoughts when you have a moment :clap:
@damccull very nice work with the Csp option. I have downloaded the latest version via myGet now and it works perfectly with my application! Thank you.
@PinpointTownes thanks for merging so quickly.
I want to add links to fonts on my web application, but since implementing OpenIddict, i have just just given CSP errors.
After hacking away at my project and then the source of OpenIddict, i see that a CSP Policy is added by default in the
OpenIddictExtensions
file, like soThis is all very well, but how can i override these settings? Why are these settings added by default? Surely they should be optional?