I've removed only from SignalR service UseAbpSecurityHeaders I need to remove from all microservices? alse gw and auth?
I send by email because when I try to send data on this module I get en error
I try to remove UseAbpSecurityHeaders but it still not working
I send data via email I also add this to NGINX
proxy_hide_header X-Content-Type-Options;
proxy_hide_header X-XSS-Protection;
proxy_hide_header X-Frame-Options;
proxy_hide_header Referrer-Policy;
proxy_hide_header Content-Security-Policy;
With this I'm able to remove duplicated header
I see that in response header I've a lot of duplicated tag example
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
content-security-policy
default-src 'self'; connect-src 'self' wss://signalr.***.com https://signalr.**.com ws://signalr.***.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: https:;
content-type
This issue happen also in 9.x on nginx but not in IIS
Ok I try
So when I've this error from angualr app console is referd to ngix api config or nginx signalr config? The same project works fine in IIS
I'm in abp 7.4.5.
I've a reverse proxy made via nginx on exposed sever and a second server, also in linux, with abp dotnet services. I've correctly pubblicated auth, app (agular) and api gateway but I've a signalr separed microservice but when try to start conncection i get an error:
Refused to connect to 'wss://signalr.mydomain.com/signalr-hubs/instant-message?id=***&access_token=****' because it violates the following Content Security Policy directive: "default-src 'self' http: https: data: blob: 'unsafe-inline'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
I remembre that was a specific configuration to use signalr with nginx but I did't find it in docs
And I need to set this only on Host and Gateway or in all microservices?
The last issue is relate to IP i see all operation came form 127.0.0.1
