Activities of "andmattia"

abp 7, 4 ,5

How can i user access-token.bin on git action???

With the proposal provided it still doesn't work

The problem is that when I set the tenant and click Login, it always tries to log in as the host. It doesn't seem to pass the tenant. I followed this git to replace the components.

https://gist.github.com/mehmet-erim/dac82931935a465a48802447de501032

My environment.ts is

import { Environment } from '@abp/ng.core';

const baseUrl = 'http://localhost:4200';

const oAuthConfig = { issuer: 'https://...../', redirectUri: baseUrl, clientId: 'Angular', scope: 'offline_access address roles openid profile email phone AuthServer IdentityService AdministrationService AuditLoggingService GdprService SaasService LanguageService OfficeService', requireHttps: false, impersonation: { tenantImpersonation: true, userImpersonation: true, } };

export const environment = { production: false, googleMapsApiKey: 'AIzaSyBsYU6NzW63ZGx_l3vDvtPsQ-ix_NHgPtI', application: { baseUrl, name: 'routilia', }, localization: { defaultResourceName: 'routilia' }, oAuthConfig, apis: { default: { url: 'https://.......', rootNamespace: 'dm.routilia', }, // OfficeService: { // url: 'http://......', // rootNamespace: 'dm.routilia', // }, AbpAccountPublic: { url: oAuthConfig.issuer, rootNamespace: 'AbpAccountPublic', }, }, } as Environment;

Ok, now it works as expected.

1. I remove UseAbpSecurityHeaders from all projects
2. In SignalR, I check the scope and headers
3. In Nginx,x ,where host the Angular app on an internal machine, I remove all headers for normal connections
4. In Nginx, I removed CSP
5. I leave the header only for getEnv for JSON

I've removed only from SignalR service UseAbpSecurityHeaders I need to remove from all microservices? alse gw and auth?

I send by email because when I try to send data on this module I get en error

Ok

I try to remove UseAbpSecurityHeaders but it still not working

I send data via email I also add this to NGINX

proxy_hide_header X-Content-Type-Options;
        proxy_hide_header X-XSS-Protection;
        proxy_hide_header X-Frame-Options;
        proxy_hide_header Referrer-Policy;
        proxy_hide_header Content-Security-Policy;

With this I'm able to remove duplicated header

I see that in response header I've a lot of duplicated tag example

content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
content-security-policy
default-src 'self'; connect-src 'self' wss://signalr.***.com https://signalr.**.com ws://signalr.***.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: https:;

content-type

This issue happen also in 9.x on nginx but not in IIS