
Made CSP middleware the same for both web services

tags/3.0.0^2
Teknikode 10 ay önce
ebeveyn
işleme
bbaf251525

+ 14
- 5
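--- a/IdentityServer/Middleware/CSPMiddleware.cs
+++ b/IdentityServer/Middleware/CSPMiddleware.cs
@@ -34,11 +34,20 @@ namespace Teknik.IdentityServer.Middleware
 allowedDomain = host;
 }
 
-var csp = "default-src 'self';" +
-"img-src * 'self' data: https:;" +
-$"style-src 'self' {allowedDomain};" +
-$"font-src 'self' {allowedDomain};" +
-$"script-src 'self' 'unsafe-inline' {allowedDomain};";
+var csp = string.Format(
+"default-src 'none'; " +
+"script-src blob: 'unsafe-eval' 'nonce-{1}' {0}; " +
+"style-src 'unsafe-inline' {0}; " +
+"img-src data: *; " +
+"font-src data: {0}; " +
+"connect-src wss: blob: data: {0}; " +
+"media-src *; " +
+"worker-src blob: mediastream: {0}; " +
+"form-action {0}; " +
+"base-uri {0}; " +
+"frame-ancestors {0};",
+allowedDomain,
+httpContext.Items[Constants.NONCE_KEY]);
 
 if (!httpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
 {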
+ 0
- 1
IdentityServer/Views/Shared/_Layout.cshtml Dosyayı Görüntüle

@@ -45,7 +45,6 @@
<link href="~/images/favicon.ico" rel="apple-touch-icon-precomposed" />
<bundle src="css/common.min.css" append-version="true"></bundle>
<bundle src="js/common.min.js" append-version="true"></bundle>
</head>
<body data-twttr-rendered="true">
<div id="wrap">

+ 14
- 1
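--- a/Teknik/Middleware/CSPMiddleware.cs
+++ b/Teknik/Middleware/CSPMiddleware.cs
@@ -42,7 +42,20 @@ namespace Teknik.Middleware
 allowedDomain += " " + config.CdnHost;
 }
 
-httpContext.Response.Headers.Append("Content-Security-Policy", string.Format("default-src 'none'; script-src blob: 'unsafe-eval' 'nonce-{1}' {0}; style-src 'unsafe-inline' {0}; img-src data: *; font-src data: {0}; connect-src wss: blob: data: {0}; media-src *; worker-src blob: mediastream: {0}; form-action {0}; base-uri {0}; frame-ancestors {0};", allowedDomain, httpContext.Items[Constants.NONCE_KEY]));
+httpContext.Response.Headers.Append("Content-Security-Policy", string.Format(
+"default-src 'none'; " +
+"script-src blob: 'unsafe-eval' 'nonce-{1}' {0}; " +
+"style-src 'unsafe-inline' {0}; " +
+"img-src data: *; " +
+"font-src data: {0}; " +
+"connect-src wss: blob: data: {0}; " +
+"media-src *; " +
+"worker-src blob: mediastream: {0}; " +
+"form-action {0}; " +
+"base-uri {0}; " +
+"frame-ancestors {0};",
+allowedDomain,
+httpContext.Items[Constants.NONCE_KEY]));
 }
 
 return _next(httpContext);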
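Review bot: This side still calls `Headers.Append` unconditionally, whereas the IdentityServer hunk guards with `if (!httpContext.Response.Headers.ContainsKey("Content-Security-Policy"))`, so the two middlewares are not actually the same: if anything earlier in this pipeline already set a CSP header, the response carries two and browsers enforce the intersection of both, which can be stricter than either policy alone. Adding the same `ContainsKey` guard here (or, if a duplicate is never expected, asserting on it) would make the behaviour match. Separately, the policy literal on the new side is now a byte-for-byte copy of the IdentityServer one, so "the same for both" holds only as long as someone edits both places; a single shared helper that takes the allowed-domain string and the nonce and returns the formatted policy would make that structural. The enclosing method begins outside the hunk.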

+ 0
- 1
Teknik/Startup.cs Dosyayı Görüntüle

@@ -314,6 +314,5 @@ namespace Teknik
context.Response.StatusCode = 403;
context.HandleResponse();
}

}
}
