0
ahmedelkady created
- ABP Framework version: v9
- UI Type: Angular / MVC / Blazor WASM / Blazor Server
- Database System: EF Core (SQL Server)
- Tiered Auth Server Separated (for Angular): yes
- Exception message and full stack trace:
- Steps to reproduce the issue: When calling api/abp/application-configuration?includeLocalizationResources=false, it shows sensitive settings such as "Abp.Identity.OAuthLogin.ClientSecret":"our-outh-secret", which is a very high vulnerability. Can you please guide us on how to solve this and why this is happening? Also, there is too much information which shouldn't be exposed that easily. Even the secret is stored as plain text in AbpSettings!
1 Answer(s)
0
Hi,
We will fix it immediately. Your ticket was refunded.
You can use this temporary solution:
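```csharp
using Volo.Abp.Settings;
// IdentityProSettingNames comes from the ABP Identity Pro module; add its using as well.

public class TestAppSettingDefinitionProvider : SettingDefinitionProvider
{
    public override void Define(ISettingDefinitionContext context)
    {
        // Stop the OAuth client secret from being returned to clients.
        var secret = context.GetOrNull(IdentityProSettingNames.OAuthLogin.ClientSecret);
        if (secret != null)
        {
            secret.IsVisibleToClients = false;
        }
    }
}
```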
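To confirm the workaround took effect, the following added check (not part of the original thread and not ABP code) scans a saved application-configuration response for client-visible settings whose names look like credentials. It assumes the response carries settings under `setting.values`; the name pattern, the `MyApp.Smtp.Password` setting and both sample responses are constructed for illustration.

```python
import json
import re

# Name fragments that usually mark a credential (assumed list; extend it for your app).
SENSITIVE_NAME = re.compile(
    r"secret|password|passwd|api[_.-]?key|token|connectionstring|private[_.-]?key",
    re.IGNORECASE,
)


def find_exposed_secrets(config):
    """Return sorted (setting_name, has_value) pairs for client-visible settings
    whose name looks like a credential. Values are never returned or printed."""
    values = (config.get("setting") or {}).get("values") or {}
    return sorted(
        (name, value not in (None, ""))
        for name, value in values.items()
        if SENSITIVE_NAME.search(name)
    )


# Constructed sample: response shape before the workaround is applied.
SAMPLE_BEFORE = json.loads("""
{
  "setting": {
    "values": {
      "Abp.Localization.DefaultLanguage": "en",
      "Abp.Identity.OAuthLogin.ClientSecret": "our-outh-secret",
      "MyApp.Smtp.Password": ""
    }
  }
}
""")

# Constructed sample: response after sensitive settings are hidden from clients.
SAMPLE_AFTER = json.loads("""
{"setting": {"values": {"Abp.Localization.DefaultLanguage": "en"}}}
""")

if __name__ == "__main__":
    for name, has_value in find_exposed_secrets(SAMPLE_BEFORE):
        state = "value present" if has_value else "empty, but still client-visible"
        print(f"EXPOSED: {name} ({state})")
```

A setting reported with an empty value is still marked visible to clients and will leak as soon as a value is stored, so it should be hidden as well.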