But I have already configured RedirectAllowedUrls in the appsettings. json file and set it to https://thisisfortest.site/authentication/login-callback,and still report an error,
Client validation failed because 'https://thisisfortest.site/authentication/login-callback' was not a valid redirect_uri for SGSGlobalPass_Blazor. 2023-06-27 14:58:36.424 +08:00 [INF] The authorization request was rejected because the redirect_uri was invalid:
Here is my configuration information "App": { "SelfUrl": "https://api.thisisfortest.site", "CorsOrigins": "https://*.thisisfortest.site,https://thisisfortest.site", "RedirectAllowedUrls": "https://thisisfortest.site/authentication/login-callback,https://api.thisisfortest.site/swagger/oauth2-redirect.html" }
in website, retrun message: Failed to load resource: the server responded with a status of 400 () Refused to display 'https://api.thisisfortest.site/' in a frame because it set 'X-Frame-Options' to 'sameorigin'. I used two domain names and both were configured with certificates: thisisfortest.site and api.thisisfortest.site.
2023-06-27 11:59:28.639 +08:00 [INF] The request URI matched a server endpoint: "Authorization".
2023-06-27 11:59:28.639 +08:00 [INF] The authorization request was successfully extracted: {
"client_id": "SGSGlobalPass_Blazor",
"redirect_uri": "https://thisisfortest.site/authentication/login-callback",
"response_type": "code",
"scope": "openid profile SGSGlobalPass roles email phone",
"state": "f0f7fec0d12747bcbbf9ecc779c25cba",
"code_challenge": "5fxi1Io8Su92yPmY5FOu1LHe-9IdyL8PiNfgzg2u_-s",
"code_challenge_method": "S256",
"prompt": "none",
"response_mode": "query"
}.
2023-06-27 11:59:28.640 +08:00 [INF] Client validation failed because 'https://thisisfortest.site/authentication/login-callback' was not a valid redirect_uri for SGSGlobalPass_Blazor.
2023-06-27 11:59:28.640 +08:00 [INF] The authorization request was rejected because the redirect_uri was invalid: 'https://thisisfortest.site/authentication/login-callback'.
2023-06-27 11:59:28.640 +08:00 [INF] Request finished HTTP/1.1 GET https://api.thisisfortest.site/connect/authorize?client_id=SGSGlobalPass_Blazor&redirect_uri=https%3A%2F%2Fthisisfortest.site%2Fauthentication%2Flogin-callback&response_type=code&scope=openid%20profile%20SGSGlobalPass%20roles%20email%20phone&state=f0f7fec0d12747bcbbf9ecc779c25cba&code_challenge=5fxi1Io8Su92yPmY5FOu1LHe-9IdyL8PiNfgzg2u_-s&code_challenge_method=S256&prompt=none&response_mode=query - - - 302 - - 2.5353ms
2023-06-27 11:59:28.820 +08:00 [INF] Request starting HTTP/1.1 GET https://api.thisisfortest.site/Error?httpStatusCode=400 - -
2023-06-27 11:59:28.822 +08:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
2023-06-27 11:59:28.822 +08:00 [INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). 2023-06-27 11:59:28.823 +08:00 [INF] Executing ViewResult, running view ~/Views/Error/Default.cshtml. 2023-06-27 11:59:28.827 +08:00 [INF] Executed ViewResult - view ~/Views/Error/Default.cshtml executed in 4.1338ms. 2023-06-27 11:59:28.827 +08:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 5.0723ms 2023-06-27 11:59:28.827 +08:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' 2023-06-27 11:59:28.828 +08:00 [INF] Request finished HTTP/1.1 GET https://api.thisisfortest.site/Error?httpStatusCode=400 - - - 400 - text/html;+charset=utf-8 8.2332ms 2023-06-27 11:59:38.641 +08:00 [INF] Request starting HTTP/1.1 OPTIONS https://api.thisisfortest.site/api/abp/application-localization?CultureName=en&OnlyDynamics=True&api-version=1.0 - - 2023-06-27 11:59:38.642 +08:00 [INF] CORS policy execution successful. 2023-06-27 11:59:38.642 +08:00 [INF] Request finished HTTP/1.1 OPTIONS https://api.thisisfortest.site/api/abp/application-localization?CultureName=en&OnlyDynamics=True&api-version=1.0 - - - 204 - - 0.6283ms 2023-06-27 11:59:38.815 +08:00 [INF] Request starting HTTP/1.1 GET https://api.thisisfortest.site/api/abp/application-localization?CultureName=en&OnlyDynamics=True&api-version=1.0 - - 2023-06-27 11:59:38.815 +08:00 [INF] CORS policy execution successful. 2023-06-27 11:59:38.818 +08:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController.GetAsync (Volo.Abp.AspNetCore.Mvc)' 2023-06-27 11:59:38.818 +08:00 [INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationLocalization", page = ""}. Executing controller action with signature System.Threading.Tasks.Task
1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationDto] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationRequestDto) on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController (Volo.Abp.AspNetCore.Mvc).
2023-06-27 11:59:38.824 +08:00 [INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationDto'.
2023-06-27 11:59:38.824 +08:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 5.7762ms
2023-06-27 11:59:38.824 +08:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2023-06-27 11:59:38.824 +08:00 [INF] Request finished HTTP/1.1 GET https://api.thisisfortest.site/api/abp/application-localization?CultureName=en&OnlyDynamics=True&api-version=1.0 - - - 200 - application/json;+charset=utf-8 9.1058ms
2023-06-27 11:59:39.062 +08:00 [INF] Request starting HTTP/1.1 GET https://api.thisisfortest.site/connect/authorize?client_id=SGSGlobalPass_Blazor&redirect_uri=https%3A%2F%2Fthisisfortest.site%2Fauthentication%2Flogin-callback&response_type=code&scope=openid%20profile%20SGSGlobalPass%20roles%20email%20phone&state=015bb1bf394e4c229b92e93a8beba2a0&code_challenge=_zYJnXk3H6WSCoAeHTRoBAM8RKGv9BTKTJ11BfXPkCw&code_challenge_method=S256&prompt=none&response_mode=query - -
2023-06-27 11:59:39.063 +08:00 [INF] The request URI matched a server endpoint: "Authorization".
2023-06-27 11:59:39.063 +08:00 [INF] The authorization request was successfully extracted: {
"client_id": "SGSGlobalPass_Blazor",
"redirect_uri": "https://thisisfortest.site/authentication/login-callback",
"response_type": "code",
"scope": "openid profile SGSGlobalPass roles email phone",
"state": "015bb1bf394e4c229b92e93a8beba2a0",
"code_challenge": "_zYJnXk3H6WSCoAeHTRoBAM8RKGv9BTKTJ11BfXPkCw",
"code_challenge_method": "S256",
"prompt": "none",
"response_mode": "query"
}.
2023-06-27 11:59:39.064 +08:00 [INF] Client validation failed because 'https://thisisfortest.site/authentication/login-callback' was not a valid redirect_uri for SGSGlobalPass_Blazor.
2023-06-27 11:59:39.064 +08:00 [INF] The authorization request was rejected because the redirect_uri was invalid: 'https://thisisfortest.site/authentication/login-callback'.
2023-06-27 11:59:39.064 +08:00 [INF] Request finished HTTP/1.1 GET https://api.thisisfortest.site/connect/authorize?client_id=SGSGlobalPass_Blazor&redirect_uri=https%3A%2F%2Fthisisfortest.site%2Fauthentication%2Flogin-callback&response_type=code&scope=openid%20profile%20SGSGlobalPass%20roles%20email%20phone&state=015bb1bf394e4c229b92e93a8beba2a0&code_challenge=_zYJnXk3H6WSCoAeHTRoBAM8RKGv9BTKTJ11BfXPkCw&code_challenge_method=S256&prompt=none&response_mode=query - - - 302 - - 1.9674ms
2023-06-27 11:59:39.243 +08:00 [INF] Request starting HTTP/1.1 GET https://api.thisisfortest.site/Error?httpStatusCode=400 - -
2023-06-27 11:59:39.245 +08:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
2023-06-27 11:59:39.246 +08:00 [INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
2023-06-27 11:59:39.246 +08:00 [INF] Executing ViewResult, running view ~/Views/Error/Default.cshtml.
2023-06-27 11:59:39.250 +08:00 [INF] Executed ViewResult - view ~/Views/Error/Default.cshtml executed in 4.0221ms.
2023-06-27 11:59:39.250 +08:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 4.8544ms
2023-06-27 11:59:39.250 +08:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
2023-06-27 11:59:39.251 +08:00 [INF] Request finished HTTP/1.1 GET https://api.thisisfortest.site/Error?httpStatusCode=400 - - - 400 - text/html;+charset=utf-8 7.8668ms
My project uses abp7 and blazer, and has been published to IIS. The certificate for https has been successfully added, but an error will be reported when the website calls the API interface, prompting 'Refused to display' https://api.thisisfortest.site/ In a frame because it set 'X-Frame Options' to' sameorigin ', May I ask how to solve it? I tried to add the configuration of X-Frame Options, but it still couldn't take effect. Do you need to configure anything for the ABP VNET project release?