Closed bergmania closed 1 week ago
👋🏻
FYI: removing the ValidateTransportSecurityRequirement
event handler is not necessary to disable the TLS/HTTPS requirement as there's a dedicated OpenIddictServerAspNetCoreOptions.DisableTransportSecurityRequirement
option that allows disabling this security check (when set to true
, the built-in ValidateTransportSecurityRequirement
handler is not called) 😃
Cheers.
I simplified the PR here https://github.com/umbraco/Umbraco-CMS/pull/16629. Thanks for the input @kevinchalet 💪
You're welcome @bergmania 😄
On a related note, OpenIddict 5.7.0 just shipped: https://github.com/openiddict/openiddict-core/releases/tag/5.7.0.
Description
Added post configuration of OpenIddictServerOptions that removes the
ValidateTransportSecurityRequirement
iffGlobalSettings.UseHttps
isfalse
.Fixing: https://github.com/umbraco/Umbraco-CMS/issues/16605
Test
Please note that openiddict only allow connections from the host that first attempted to access backoffice. It can make it easier to set
launchBrowser
tofalse
inlaunchSettings.json
Umbraco:CMS:Global:UseHttps
=false
Umbraco:CMS:Global:UseHttps
=true