I try to remove UseAbpSecurityHeaders but it still not working
I send data via email I also add this to NGINX
proxy_hide_header X-Content-Type-Options;
proxy_hide_header X-XSS-Protection;
proxy_hide_header X-Frame-Options;
proxy_hide_header Referrer-Policy;
proxy_hide_header Content-Security-Policy;
With this I'm able to remove duplicated header
I see that in response header I've a lot of duplicated tag example
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
content-security-policy
default-src 'self'; connect-src 'self' wss://signalr.***.com https://signalr.**.com ws://signalr.***.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: https:;
content-type
This issue happen also in 9.x on nginx but not in IIS
Ok I try
So when I've this error from angualr app console is referd to ngix api config or nginx signalr config? The same project works fine in IIS
And I need to set this only on Host and Gateway or in all microservices?
The last issue is relate to IP i see all operation came form 127.0.0.1
I found the correct path:
NGinx exposed: ng-01 (auth,api,app) -> reverse to -> mc-01 NGinx internal: mc-01
I set the host in mc-01 to route traffic to ng-01 beacuse the auth,api,app are configured in this host.
In the next days I try to change microservice to use local url on mc-01. For ex in idenitity I set the auth server not to auth....com but mc-01:43645 or mc-01:5001 I think it works as well
Now I do another test.
IdentityService if I try to open http://lnx-ngx-mc1:46388/api/abp/api-definition?IncludeTypes=false whituout autehntication it works
I do authentication I get this error on Identity logs
[13:39:30 ERR] Exception occurred while processing message. <s:Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler>
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
[13:39:30 ERR] Connection id "0HNDVKS5M639C", Request id "0HNDVKS5M639C:00000001": An unhandled exception was thrown by the application. <s:Microsoft.AspNetCore.Server.Kestrel>
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context)
at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
[13:40:14 INF] Lock is acquired for TokenCleanupBackgroundWorker <s:Volo.Abp.OpenIddict.Tokens.TokenCleanupBackgroundWorker>
[13:40:14 INF] Start cleanup. <s:Volo.Abp.OpenIddict.Tokens.TokenCleanupService>
Ok, I add this code
app.Use(async (ctx, next) =>
{
ctx.Request.Scheme = "https";
await next();
});
In place the original and now the error on oAuth is disapear but on API and APP still not working.
API say if try to authenticate a single micro service (CORS work)
http://lnx-ngx-mc01:41367/abp/Swashbuckle/SetCsrfCookie -> 500
http://lnx-ngx-mc01:41367/api/abp/api-definition?IncludeTypes=false -> 500
If I try from gateway only auth works but all microservices say mix mode blocked http // https
