Thanks! Once I added the redirect uri and in the openiddictseeder the problem with the X frame options was gone. So everything works very good now! Thank for good support!
Thanks,
I could just see 4 instances of app.UseAbpSecurityHeaders();, but in identity and administration it was already commented out (from the.ABP 9.2.3 generator).
However, I was commented public web and authserver, unfortunately with no success.
Looking in the logs for authserver and got this one:
"private_key_jwt",
"client_secret_basic"
],
"require_pushed_authorization_requests": false,
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false,
"tls_client_certificate_bound_access_tokens": false,
"authorization_response_iss_parameter_supported": true
}.
[19:53:57 INF] Request finished HTTP/1.1 GET http://auth.staging.mydomain.com/.well-known/openid-configuration - 200 2942 application/json;charset=UTF-8 242.444ms
[19:53:57 INF] Request starting HTTP/1.1 GET http://auth.staging.mydomain.com/connect/authorize?client_id=Blazor&redirect_uri=https%3A%2F%2Flocalhost%3A44346%2Fauthentication%2Flogin-callback&response_type=code&scope=openid%20profile%20roles%20email%20phone%20AuthServer%20IdentityService%20AdministrationService%20CustomerService%20DocumentService%20TicketService%20InvoiceService%20SaasService%20AuditLoggingService%20GdprService%20ChatService&state=f324eee679f54369affac890a1d21fb2&code_challenge=0PcnlBsXiA2TI_vmnDrwGA-fAh35nP5irdgN_U2CnOY&code_challenge_method=S256&prompt=none&response_mode=query - null null
[19:53:57 WRN] Unknown proxy: [::ffff:10.244.1.23]:44548
[19:53:57 INF] The request URI matched a server endpoint: Authorization.
[19:53:57 INF] The authorization request was successfully extracted: {
"client_id": "Blazor",
"redirect_uri": "https://localhost:44346/authentication/login-callback",
"response_type": "code",
"scope": "openid profile roles email phone AuthServer IdentityService AdministrationService CustomerService DocumentService TicketService InvoiceService SaasService AuditLoggingService GdprService ChatService",
"state": "f324eee679f54369affac890a1d21fb2",
"code_challenge": "0PcnlBsXiA2TI_vmnDrwGA-fAh35nP5irdgN_U2CnOY",
"code_challenge_method": "S256",
"prompt": "none",
"response_mode": "query"
}.
[19:53:57 INF] Client validation failed because 'https://localhost:44346/authentication/login-callback' was not a valid redirect_uri for Blazor.
[19:53:57 INF] The authorization request was rejected because the redirect_uri was invalid: 'https://localhost:44346/authentication/login-callback'.
Guess I have to append the redirectUris in services/identity/MyApplication.IdentityService/Data/OpenIddictDataSeeder.cs . But could that trigger the X-Frame-Options' to 'SAMEORIGIN'.?
Thanks for fast response :-)
I was disabling the security headers in the auth-server project.
However, I still get the same error in the browser console: Refused to display 'https://auth.staging.mydomain.com/Error?httpStatusCode=400' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
In which projects do I need disable the headers, I thought that auth-server is enough?
Thanks :-)
I’ve deployed my microservice solution on a staging Kubernetes cluster at our cloud provider, and it works fine when accessing the Blazor WebAssembly app via the domain name. To avoid having to start all the services locally when developing the Blazor app, we previously added "App__CorsOrigins": "https://localhost:44346" in the Helm Chart. This worked fine in ABP 9.0.x but not in 9.2.3. In that case, the web browser shows the following message: Refused to display 'https://auth.staging.mydomain.com/Error?httpStatusCode=400' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. Is there a good and convenient way to configure this, with minimal impact on the services and Blazor?
Sorry, my bad. Replied to the no-reply address. Now you should have it :-)
Hi,
Just to keep the ticket alive, I replied by mail.
Thanks
Hi Liming :-)
There is no content in appsettings.Development.json
I don't have MyApplicationBlazorModule . I guess it has to do with the hybrid Blazor mode. We only have a Blazor WebAssembly as a client application only.
However MyApplicationBlazorClientModule is present. I mailed it to you so you can check it out.
Thanks.
I was created a new project using latest ABP Studio in Windows, with version 9.2.3 and this is what I got:
{
"id": "2cdc3cc3-5ca6-428f-a66c-eede50197ccd",
"template": "microservice",
"versions": {
"LeptonX": "4.2.3",
"AbpFramework": "9.2.3",
"AbpCommercial": "9.2.3",
"AbpStudio": "1.1.2",
"TargetDotnetFramework": "net9.0"
},
"folders": {
"items": {
"services": {},
"apps": {},
"gateways": {}
}
},
"runProfiles": {
"Default": {
"path": "etc/abp-studio/run-profiles/Default.abprun.json"
}
},
"modules": {
"MyApplication.AdministrationService": {
"path": "services/administration/MyApplication.AdministrationService.abpmdl",
"folder": "services"
},
"MyApplication.IdentityService": {
"path": "services/identity/MyApplication.IdentityService.abpmdl",
"folder": "services"
},
"MyApplication.Web.Public": {
"path": "apps/public/MyApplication.Web.Public.abpmdl",
"folder": "apps"
},
"MyApplication.PublicGateway": {
"path": "gateways/public/MyApplication.PublicGateway.abpmdl",
"folder": "gateways"
},
"MyApplication.SaasService": {
"path": "services/saas/MyApplication.SaasService.abpmdl",
"folder": "services"
},
"MyApplication.ChatService": {
"path": "services/chat/MyApplication.ChatService.abpmdl",
"folder": "services"
},
"MyApplication.AuditLoggingService": {
"path": "services/audit-logging/MyApplication.AuditLoggingService.abpmdl",
"folder": "services"
},
"MyApplication.GdprService": {
"path": "services/gdpr/MyApplication.GdprService.abpmdl",
"folder": "services"
},
"MyApplication.LanguageService": {
"path": "services/language/MyApplication.LanguageService.abpmdl",
"folder": "services"
},
"MyApplication.Blazor": {
"path": "apps/blazor/MyApplication.Blazor.abpmdl",
"folder": "apps"
},
"MyApplication.MobileGateway": {
"path": "gateways/mobile/MyApplication.MobileGateway.abpmdl",
"folder": "gateways"
},
"MyApplication.AuthServer": {
"path": "apps/auth-server/MyApplication.AuthServer.abpmdl",
"folder": "apps"
},
"MyApplication.WebGateway": {
"path": "gateways/web/MyApplication.WebGateway.abpmdl",
"folder": "gateways"
},
"MyApplication.DocumentService": {
"path": "services/document/MyApplication.DocumentService.abpmdl",
"folder": "services"
},
"MyApplication.TicketService": {
"path": "services/ticket/MyApplication.TicketService.abpmdl",
"folder": "services"
},
"MyApplication.InvoiceService": {
"path": "services/invoice/MyApplication.InvoiceService.abpmdl",
"folder": "services"
},
"MyApplication.CustomerService": {
"path": "services/customer/MyApplication.CustomerService.abpmdl",
"folder": "services"
}
},
"k8sProfiles": {
"local": {
"path": "etc/abp-studio/k8s-profiles/local.abpk8s.json"
}
},
"commands": {
"helmBuildDotnetImage": {
"triggerTargets": [
"HELM_CHARTS_ROOT",
"HELM_MAIN_CHART",
"HELM_SUB_CHART"
],
"executionTargets": [
"HELM_MAIN_CHART",
"HELM_SUB_CHART"
],
"displayName": "Build Docker Image(s)",
"workingDirectory": "etc/helm",
"terminalCommand": "./build-image.ps1 -ProjectPath {{metadata.projectPath}} -ImageName {{metadata.imageName}} -ProjectType {{metadata.projectType}}",
"condition": "{{metadata.projectPath != null && metadata.imageName != null && metadata.projectType != null}}"
},
"helmInstallChart": {
"triggerTargets": [
"HELM_CHARTS_ROOT",
"HELM_MAIN_CHART"
],
"executionTargets": [
"HELM_MAIN_CHART"
],
"displayName": "Install Chart(s)",
"workingDirectory": "etc/helm",
"terminalCommand": "./install.ps1 -ChartName {{chart.name}} -Namespace {{profile.namespace}} -ReleaseName {{chart.name}}-{{profile.name}} -DotnetEnvironment {{metadata.dotnetEnvironment}} {{~if metadata.k8ssuffix}} -User {{metadata.k8ssuffix}}{{end}}",
"requireConfirmation": "true",
"confirmationText": "Are you sure to install the chart(s) for the profile {{ profile.name }}?"
},
"helmUninstallChart": {
"triggerTargets": [
"HELM_CHARTS_ROOT",
"HELM_MAIN_CHART"
],
"executionTargets": [
"HELM_MAIN_CHART"
],
"displayName": "Uninstall Chart(s)",
"workingDirectory": "etc/helm",
"terminalCommand": "./uninstall.ps1 -Namespace {{profile.namespace}} -ReleaseName {{chart.name}}-{{profile.name}} {{~if metadata.k8ssuffix}} -User {{metadata.k8ssuffix}}{{end}}",
"requireConfirmation": "true",
"confirmationText": "Are you sure to uninstall the chart(s) for the profile {{profile.name}}?"
},
"kubernetesRedeploy": {
"triggerTargets": [
"KUBERNETES_SERVICE"
],
"executionTargets": [
"KUBERNETES_SERVICE"
],
"displayName": "Redeploy",
"workingDirectory": "etc/helm",
"terminalCommand": "./build-image.ps1 -ProjectPath {{chart.metadata.projectPath}} -ImageName {{chart.metadata.imageName}} -ProjectType {{chart.metadata.projectType}} &&& ./install.ps1 -ChartName {{mainChart.name}} -Namespace {{profile.namespace}} -ReleaseName {{mainChart.name}}-{{profile.name}} -DotnetEnvironment {{mainChart.metadata.dotnetEnvironment}} {{~if metadata.k8ssuffix}} -User {{metadata.k8ssuffix}}{{end}}",
"requireConfirmation": "true",
"confirmationText": "Are you sure to redeploy the related chart '{{chart.name}}' for the service '{{name}}'?",
"condition": "{{chart != null && chart.metadata.projectPath != null && chart.metadata.imageName != null && chart.metadata.projectType != null}}"
},
"createTlsSecret": {
"triggerTargets": [
"HELM_CHARTS_ROOT"
],
"executionTargets": [
"HELM_CHARTS_ROOT"
],
"displayName": "Create Self-Signed TLS secret",
"workingDirectory": "etc/helm",
"terminalCommand": "./create-tls-secrets.ps1 -Namespace {{profile.namespace}} {{~if metadata.k8ssuffix}} -User {{metadata.k8ssuffix}}{{end}}"
}
},
"helm": {
"charts": {
"myapplication": {
"name": "myapplication",
"path": "etc/helm/myapplication",
"charts": {
"administration": {
"name": "administration",
"path": "etc/helm/myapplication/charts/administration",
"metadata": {
"projectPath": "../../services/administration/MyApplication.AdministrationService/MyApplication.AdministrationService.csproj",
"imageName": "myapplication/administration",
"projectType": "dotnet"
},
"services": [
".*-administration$"
]
},
"auditlogging": {
"name": "auditlogging",
"path": "etc/helm/myapplication/charts/auditlogging",
"metadata": {
"projectPath": "../../services/audit-logging/MyApplication.AuditLoggingService/MyApplication.AuditLoggingService.csproj",
"imageName": "myapplication/auditlogging",
"projectType": "dotnet"
},
"services": [
".*-auditlogging$"
]
},
"authserver": {
"name": "authserver",
"path": "etc/helm/myapplication/charts/authserver",
"metadata": {
"projectPath": "../../apps/auth-server/MyApplication.AuthServer/MyApplication.AuthServer.csproj",
"imageName": "myapplication/authserver",
"projectType": "dotnet"
},
"services": [
".*-authserver$"
]
},
"blazor": {
"name": "blazor",
"path": "etc/helm/myapplication/charts/blazor",
"metadata": {
"projectPath": "../../apps/blazor/MyApplication.Blazor/MyApplication.Blazor.csproj",
"imageName": "myapplication/blazor",
"projectType": "dotnet"
},
"services": [
".*-blazor$"
]
},
........
],
"defaultLanguage": "English",
"createCommand": "abp new MyApplication -t microservice --ui-framework blazor --mobile react-native --database-provider ef --database-management-system postgresql --theme leptonx --skip-migrator --public-website --without-cms-kit --dont-run-bundling -no-file-management -no-language-management -chat"
}
}
The file structure is as follows:
apps/blazor/
├── common.props
├── MyApplication.Blazor
│ ├── _Imports.razor
│ ├── App.razor
│ ├── Components
│ │ └── Layout
│ │ └── LeptonXFooter.razor
│ ├── Dockerfile
│ ├── MyApplication.Blazor.abppkg
│ ├── MyApplication.Blazor.csproj
│ ├── MyApplicationBlazorModule.cs
│ ├── MyApplicationScriptBundleContributor.cs
│ ├── MyApplicationStyleBundleContributor.cs
│ ├── Program.cs
│ ├── Properties
│ │ └── launchSettings.json
│ └── wwwroot
│ └── images
│ ├── getting-started
│ │ ├── bg-01.png
│ │ ├── book.png
│ │ ├── discord.svg
│ │ ├── img-blog.png
│ │ ├── img-community.png
│ │ ├── img-support.png
│ │ ├── instagram.svg
│ │ ├── stack-overflow.svg
│ │ ├── x-white.svg
│ │ └── youtube.svg
│ └── logo
│ └── leptonx
│ ├── icon.svg
│ ├── logo-dark.svg
│ └── logo-light.svg
├── MyApplication.Blazor.abpmdl
├── MyApplication.Blazor.Client
│ ├── _Imports.razor
│ ├── Components
│ │ └── Layout
│ │ └── LeptonXFooter.razor
│ ├── MyApplication.Blazor.Client.abppkg
│ ├── MyApplication.Blazor.Client.csproj
│ ├── MyApplicationBlazorAutoMapperProfile.cs
│ ├── MyApplicationBlazorClientModule.cs
│ ├── MyApplicationBrandingProvider.cs
│ ├── MyApplicationComponentBase.cs
│ ├── Navigation
│ │ ├── MyApplicationMenuContributor.cs
│ │ └── MyApplicationMenus.cs
│ ├── Pages
│ │ ├── HostDashboard.razor
│ │ ├── HostDashboard.razor.cs
│ │ ├── Index.razor
│ │ ├── Index.razor.cs
│ │ ├── Index.razor.css
│ │ ├── TenantDashboard.razor
│ │ └── TenantDashboard.razor.cs
│ ├── Program.cs
│ ├── Properties
│ │ └── launchSettings.json
│ ├── Routes.razor
│ └── wwwroot
│ ├── appsettings.Development.json
│ ├── appsettings.json
│ ├── favicon.ico
│ ├── images
│ │ └── logo
│ └── main.css
└── MyApplication.Blazor.sln
I am not sure if I follow you... Hope you got some information of the above information. Please let me know if there is something else that can get some ideas.
Thanks in advance :-)
In my pod shell there is only one appsettings.json as far as I can see:
root@myapplication-blazor-574bcb6484-7rsrx:/# find ./ -name appsettings.json
./app/wwwroot/appsettings.json
I also tried to create a new solution using 9.2.2 using ABP CLI. Following app settings.json is found.
$ find ./ -name appsettings.json
./gateways/web/MyApplication.WebGateway/appsettings.json
./gateways/public/MyApplication.PublicGateway/appsettings.json
./gateways/mobile/MyApplication.MobileGateway/appsettings.json
./apps/auth-server/MyApplication.AuthServer/appsettings.json
./apps/public/MyApplication.Web.Public/appsettings.json
./apps/blazor/MyApplication.Blazor.Client/wwwroot/appsettings.json
./services/identity/MyApplication.IdentityService/appsettings.json
./services/chat/MyApplication.ChatService/appsettings.json
./services/file-management/MyApplication.FileManagementService/appsettings.json
./services/language/MyApplication.LanguageService/appsettings.json
./services/gdpr/MyApplication.GdprService/appsettings.json
./services/administration/MyApplication.AdministrationService/appsettings.json
./services/saas/MyApplication.SaasService/appsettings.json
./services/audit-logging/MyApplication.AuditLoggingService/appsettings.json
./services/customer/MyApplication.CustomerService/appsettings.json
Any more ideas? Thanks :-)
Thanks,
<cb6484-7rsrx:/app# cat wwwroot/appsettings.json
{
"App": {
"SelfUrl": "https://staging.mydomain.io"
},
"AuthServer": {
"Authority": "https://auth.staging.mydomain.io",
"ClientId": "Blazor",
"ResponseType": "code"
},
"RemoteServices": {
"Default": {
"BaseUrl": "https://gateway-web.staging.mydomain.io"
}
},
"AbpCli": {
"Bundle": {
"Mode": "BundleAndMinify", /* Options: None, Bundle, BundleAndMinify */
"Name": "global"
}
}
root@geoticket-blazor-574bcb6484-7rsrx:/app#
I have checked, but no http:/ links .
Yes, I am using Nginx reverse proxy. Can you show me a working example here? Thanks :-)
