I've removed only from SignalR service UseAbpSecurityHeaders I need to remove from all microservices? alse gw and auth?
I send by email because when I try to send data on this module I get en error
I try to remove UseAbpSecurityHeaders but it still not working
I send data via email I also add this to NGINX
proxy_hide_header X-Content-Type-Options;
proxy_hide_header X-XSS-Protection;
proxy_hide_header X-Frame-Options;
proxy_hide_header Referrer-Policy;
proxy_hide_header Content-Security-Policy;
With this I'm able to remove duplicated header
I see that in response header I've a lot of duplicated tag example
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
content-security-policy
default-src 'self'; connect-src 'self' wss://signalr.***.com https://signalr.**.com ws://signalr.***.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: https:;
content-type
This issue happen also in 9.x on nginx but not in IIS
Ok I try
So when I've this error from angualr app console is referd to ngix api config or nginx signalr config? The same project works fine in IIS
And I need to set this only on Host and Gateway or in all microservices?
The last issue is relate to IP i see all operation came form 127.0.0.1
I found the correct path:
NGinx exposed: ng-01 (auth,api,app) -> reverse to -> mc-01 NGinx internal: mc-01
I set the host in mc-01 to route traffic to ng-01 beacuse the auth,api,app are configured in this host.
In the next days I try to change microservice to use local url on mc-01. For ex in idenitity I set the auth server not to auth....com but mc-01:43645 or mc-01:5001 I think it works as well
