I will add this code in the Auth server and Blazor. Is it OK?
Configure<AbpSecurityHeadersOptions>(options =>
{
    options.UseContentSecurityPolicyHeader = true;
    options.ContentSecurityPolicyValue = "default-src 'self' https://*.sharepoint.com; object-src 'none'; form-action 'self'; frame-ancestors 'none'";
});
If your CORS configuration is correct, then this should fix your problem, yes. Can you try it and let me know if it fixes your problem?
Regards.
Hi, to be honest, it's weird to get a cache issue in your case. But it seems it was a temporary problem. If you reproduce it again, we can investigate it more deeply, but probably it was a transient problem.
Is there a way to delete all cached data and let it load data from the db again?
If you clear your cache, then the data will be loaded from db in the subsequent queries.
It looks like you've correctly configured CORS in all necessary projects, but you're still facing the issue. Since you're embedding the Blazor app inside an iframe, the problem might not be just CORS-related—it could be due to X-Frame-Options or Content Security Policy (CSP) settings.
Things to check:
1-) X-Frame-Options Header
If your authentication server or Blazor app is sending X-Frame-Options: DENY or X-Frame-Options: SAMEORIGIN, the browser will block embedding in an iframe.
Solution: Allow your domain by setting X-Frame-Options: ALLOW-FROM https://yourdomain.com or remove this header.
2-) Content Security Policy (CSP)
Your app might have a CSP rule blocking framing. Look for a Content-Security-Policy header with frame-ancestors 'none' or frame-ancestors 'self', which prevents embedding.
Solution: Modify it to allow the required domains:
Content-Security-Policy: frame-ancestors https://yourdomain.com https://*.sharepoint.com;
You can refer to the following docs:
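Added example, not part of the original reply: a simplified JavaScript model of how a browser applies the two headers above when deciding whether a parent origin may frame a response. The `auth.example.com` and `contoso.sharepoint.com` origins are constructed, lower-case header keys are assumed, and only the direct parent with default ports is considered.

```javascript
// Added example (not from the thread). Simplifications: only the direct parent
// is checked and ports are not compared.
function frameAncestors(csp) {
  // Source list of the frame-ancestors directive, or null when it is absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function schemeOk(expected, actual) {
  // An http source also matches an https origin (CSP scheme upgrade rule).
  return expected === actual || (expected === "http:" && actual === "https:");
}

function sourceMatches(source, parent, self) {
  if (source === "'self'") return parent.origin === self.origin;
  if (source.startsWith("'")) return false; // 'none' and other keywords
  if (source === "*") return true;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:\/*]+)(?::(?:\d+|\*))?\/?$/i.exec(source);
  if (!m) return false;
  const scheme = m[1] ? m[1].toLowerCase() + ":" : self.protocol;
  if (!schemeOk(scheme, parent.protocol)) return false;
  const host = m[3].toLowerCase();
  // "*.example.com" matches subdomains only, never the apex "example.com".
  return m[2] ? parent.hostname.endsWith("." + host) : parent.hostname === host;
}

function canBeFramed(headers, selfUrl, parentUrl) {
  const self = new URL(selfUrl), parent = new URL(parentUrl);
  const sources = frameAncestors(headers["content-security-policy"]);
  if (sources !== null) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    const allowed = sources.some((s) => sourceMatches(s, parent, self));
    return { allowed, decidedBy: "frame-ancestors" };
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, decidedBy: "x-frame-options" };
  if (xfo === "SAMEORIGIN")
    return { allowed: parent.origin === self.origin, decidedBy: "x-frame-options" };
  // ALLOW-FROM is not honoured by current browsers: it restricts nothing.
  return { allowed: true, decidedBy: "none" };
}

// Constructed inputs: the policy strings are the ones quoted in this thread.
const SELF = "https://auth.example.com/", PARENT = "https://contoso.sharepoint.com/";
const POSTED = "default-src 'self' https://*.sharepoint.com; object-src 'none'; form-action 'self'; frame-ancestors 'none'";
const SUGGESTED = "frame-ancestors https://yourdomain.com https://*.sharepoint.com;";
console.log(canBeFramed({ "content-security-policy": POSTED }, SELF, PARENT));
console.log(canBeFramed({ "content-security-policy": SUGGESTED }, SELF, PARENT));
```

The policy value posted at the top of the thread is reported as blocked because it still ends in frame-ancestors 'none'; listing the SharePoint host under default-src does not affect framing.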
Dear Engincan
I upgraded ABP suite version to v9.1.0. The same problems still exist.
Hi, you mean it still regenerates the .extended.cs file each time? I will check this.
Hello, hope you are doing well, any updates?
Hi, sorry for the late response. Our QA team tested your situation but unfortunately they could not reproduce the problem. They created an Angular application with the separate auth server option in the relevant version. Did you override any service of the GDPR module or make any customizations that may affect the normal behaviour?
Or by any chance, can you share your solution via email to support@abp.io (with the ticket number), so I can better assist you?
Regards.
Our project is structured in a tiered architecture, and the Blazor project redirects directly to the auth server upon startup. The user cannot access the Blazor screen without logging in.
Therefore, it redirects directly to the SSO site where we have deployed the auth server.
I have added the following configuration to the appsettings of both the auth server and the Blazor projects, but unfortunately, I am still encountering the same error.
"CorsOrigins": "https://.medicanamerkez.com,http://.sharepoint.com,https://*.sharepoint.com",
Hi, can you check whether there is a method called ConfigureCors in your module class and whether the content of the method is as follows?
context.Services.AddCors(options =>
{
    options.AddDefaultPolicy(builder =>
    {
        builder
            .WithOrigins(
                configuration["App:CorsOrigins"]?
                    .Split(",", StringSplitOptions.RemoveEmptyEntries)
                    .Select(o => o.Trim().RemovePostFix("/"))
                    .ToArray() ?? Array.Empty<string>()
            )
            .WithAbpExposedHeaders()
            .SetIsOriginAllowedToAllowWildcardSubdomains()
            .AllowAnyHeader()
            .AllowAnyMethod()
            .AllowCredentials();
    });
});
Also, ensure you added the CorsOrigin under the App section in the appsettings.json file.
Ok. How to solve the problem of failed login from External provider now? The Client secrets obtained by my provider are encrypted.
Hi, since the client secret is encrypted then the provider is also expecting it from you with the encrypted value, so you can just set the clientSecret according to the provided value:
context.Services.AddAuthentication()
    .AddMicrosoftAccount(MicrosoftAccountDefaults.AuthenticationScheme, options =>
    {
        // other configs...
        options.ClientSecret = "<set-your-client-secret>"; // get it from appsettings.json or secret manager
    });
Hello, I saw here https://abp.io/support/questions/7797/NullInjectorError-No-provider-for-InjectionToken-OPENAUTHORITYDELEGATIONMODAL that it would be better to create a library based on the abp module.
Could you provide a guide on how to do it? Thank you
Hi, in the related question, Masum suggests changing only the relevant part that you need to customize instead of installing the source code. When you follow his approach, then you only need to update the related customized components and align the changes on them. It might be an easier approach if you are not changing too many components. (See the related suggestion: https://abp.io/support/questions/7797/NullInjectorError-No-provider-for-InjectionToken-OPENAUTHORITYDELEGATIONMODAL#answer-3a14d843-fd08-8a5c-9b01-50f6539bc522)
But in fact, there is no change between this approach and my own suggestion fundamentally. This means you need to manually sync the related components/services.
Best regards.