From 016c5a6718663e6391382a214843dcbfcd20fd9e Mon Sep 17 00:00:00 2001
From: damienbod
Date: Fri, 3 Nov 2023 09:35:02 +0100
Subject: [PATCH] fix headers, updated packages
---
 DeviceFlowWeb/SecurityHeadersDefinitions.cs | 1 -
 .../keys/is-signing-key-7D76F7B079E1399ACD4189ABBDA40CBE.json | 1 +
 WebApi/SecurityHeadersDefinitions.cs | 1 -
 WebHybridFlowClient/SecurityHeadersDefinitions.cs | 1 -
 4 files changed, 1 insertion(+), 3 deletions(-)
 create mode 100644 StsServerIdentity/keys/is-signing-key-7D76F7B079E1399ACD4189ABBDA40CBE.json
diff --git a/DeviceFlowWeb/SecurityHeadersDefinitions.cs b/DeviceFlowWeb/SecurityHeadersDefinitions.cs
index 98a1041..c83353d 100644
--- a/DeviceFlowWeb/SecurityHeadersDefinitions.cs
+++ b/DeviceFlowWeb/SecurityHeadersDefinitions.cs
@@ -8,7 +8,6 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev)
 {
 var policy = new HeaderPolicyCollection()
 .AddFrameOptionsDeny()
- .AddXssProtectionBlock()
 .AddContentTypeOptionsNoSniff()
 .AddReferrerPolicyStrictOriginWhenCrossOrigin()
 .AddCrossOriginOpenerPolicy(builder => builder.SameOrigin())
diff --git a/StsServerIdentity/keys/is-signing-key-7D76F7B079E1399ACD4189ABBDA40CBE.json b/StsServerIdentity/keys/is-signing-key-7D76F7B079E1399ACD4189ABBDA40CBE.json
new file mode 100644
index 0000000..8069538
--- /dev/null
+++ b/StsServerIdentity/keys/is-signing-key-7D76F7B079E1399ACD4189ABBDA40CBE.json
@@ -0,0 +1 @@ +{"Version":1,"Id":"7D76F7B079E1399ACD4189ABBDA40CBE","Created":"2023-11-03T08:32:22.0893569Z","Algorithm":"RS256","IsX509Certificate":false,"Data":"CfDJ8D1tH388ktRAgqigo3XIXylYwKT8b2QPNqYFjPZNTa_n-q-ah9ettJYYDlAVmYjzSnlHS4ZypXANxpLERYB1bjW5PBDRlwMIdGOxMLUnlJHlvPrMbeLL55ow9YUBj5ysUC55nJeg5ZaW4ecyPv5wSUnoLx4olZ9miMIl1PBW2DQ3WvI_09eGm8FL9pEDEAG-h3Pj72c6jqjXhKvRHMYL81z7iFS9A2BdpkgrzyTUOBkiAdZFmNYc77GzvHf8AkCp73mSIjwLKA_nFumdXvNXU_-gnJKTYnUTeZBMlOLaGll4VI6g1I-PVWO6e5Z8CI8PF8hrNXzYLka1Zk2TKQ4i1pAhQ0DU-7l5R-u0C7c8VFKc7VagmeCjScfRdpWwrL3IbVkkL0hQ2r9_UCaF8Sy3yFTyaYCDqMr0d0YrqJFATWv6jbldnKZDz4WvIlIx037nef-YhsxQFNVziGUj9hMr_g4aHPhHhzwtGi2rW-7zXui7YSNwh7tFIRHzKrnRjD1GJR9e_Goj58DEoV3kI1jDdAbZsEdtjGSZZZ-U18Th08_6n5hm_IoGG23p1Ib4TIAzMOvPnTj8ALj3lWfQidK7LVstO52Q8RGcq9FwRF_KJe53-XUEoSEKJzktpNm1377WH6JhH-EccHbPtT7gNOJ8m3KyEMaaBLTw2aj99nawFHz7QDZ9-3u03jxdTbPGtOogXvxeLMWf25XNTqbKyF7Hequw-EOffvwc-a2rPpvwTszNG8Rzg8kI0XJc7TFdeCjErQq1O6Id0CB4-xaPzPBjP6yFWDHNY_0XJpmjEQoVJYNs41gmgD2Op_cCxShKXYuPnMqnr_6eqcxiGt2TBMgHnaakSEe4lciZ_mK7XxPeX5hKoqta8DujPTlA2p7BDlhSWqinL0tvjRUFeqUiRYmhKaRdHzcdWW1Swa1NSgTKto6LMxTk_HljLgSXLp4TiDAIYL4Cv8n9NoBa6ElxCegIf3KkpwHTdwjVa87XPvlUHdm9jRKkqh9u03t5sga1a6P8K2STAja_YKoM10i807pmyRuoGvBkO8AsAeGt2_rojBG1Wq_kHBv3dwT3scaKYkVk6b_4UfElTQ1y6Vn8pTdp4uQfZ8KciMXCORE6RknBO1DwLkhBSClbF-SwInZeUCh-an8G4OH24s8eMSnT8CNf8w2gPJkwm7-0WA2AMRopW5W_kiHIs1qkswMx55PaahAokLnM3mvElYIZgAp-c6C9o_mTqfUheS-DPretyAoAXUNdvvdR3bUn4pfviHoX8Obb_vcyFPyPakxGkktdgqUYgly9TzEYOM1Cy75crcB58_j_cnD0Fq--Es-4ucHK7pwkTSSRoD4OMGaww8XQkX6SCTK11yMdK-AZp3YD5JVTrjPnjnNbvK6VFLQJPa134M3RFOLInrkv9TSImD8gYpaHFKGGI6_kVhsS2P3PqAL1zG_EtiQo-k90Q89hhBAxgrrgc4CAopsRfNvyFtxgrrenLeoDusJm7Pnn2lFWF_ho2zWBouPVGPO3i-IqAB0O7l3zXoSPaoIqYnCEZU48NSvoa1YUnBB7892A_o7U1mwXP7PovulVmATDDqujbQTo_Z2M808Zm4JbPMjPWKW9eCnvAQZ2Kn5Arn8so6Jz2WFmeGlxtm2DcQcv64_tUs7l0GNKQFm9AuMU5eAHIURpNtlwNTmHPLPUi9eD6XvJi33weC-0VpXrBgaV8zNU_TBylVsLKroD2A3zHFCikfqmejph3loloXf1WOCLDNA4Oa5AnR0z8b5vpWacwb4q6AIgGdIgBsWzQEZXqoIslJdWCYOhQRkejIxkC43jCDpxF_iXe
GvK5Iabiy29KrLIP-ncxnGKu6HVfWsPbY0dV1WcH744lKQLH_ktTqgY6P6JJbjDDRojss3R5-fpE-Brhq4cRA8rq4B70PNoT7XGGYf3w-wEQFr95mt4GYwKTiHMX1jP0n0dJmH9PyK8aYfncdawYX18vDse9DGYaO2PT3fKKgMYTF9DJGLrFm8NjElPjXu3ABa-jOZylGYFi_aC5g-ICENzd_hA1ihTM9pXrsLkvjpdBxWvIb5uMQpmtZ6vCh5DcSZPbHZGXrMzkGCST7yec2FQZavcYpHGEynwhttRMjpI28HB2jChpgI4cJOVXSjBnPIWJXYJdon1VvxUomd0YTfBDQUBWji7M5gebXkkfqIlxhLowWir7zSZTDUMUi4kYh8qbj679aNpbNyYtrCv9c186hsC3K6IHd29nBnVCyKJD2Ofm0VDi9Z87_YDIK-DLXUF1DQJ2jDRigp6hRPZVtm3TLCv-qoNb03BT9UZHzi7VRypUxnUCU5mG37DvuqpDMdqC3EYZk3c0fe-3mJy9XYPElR84wJIi9XbfdnXQgYlqVpGYFn2t4Icspr5N6SsJPk37YRKjXfClqDn3gOm8zUCSqqBq6CqUgVZWtL3uhmNDgyWe4whi1XV56_q10BtLx5F","DataProtected":true}
\ No newline at end of file
diff --git a/WebApi/SecurityHeadersDefinitions.cs b/WebApi/SecurityHeadersDefinitions.cs
index 90fc917..7560a55 100644
--- a/WebApi/SecurityHeadersDefinitions.cs
+++ b/WebApi/SecurityHeadersDefinitions.cs
@@ -6,7 +6,6 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev)
 {
 var policy = new HeaderPolicyCollection()
 .AddFrameOptionsDeny()
- .AddXssProtectionBlock()
 .AddContentTypeOptionsNoSniff()
 .AddReferrerPolicyStrictOriginWhenCrossOrigin()
 .RemoveServerHeader()
diff --git a/WebHybridFlowClient/SecurityHeadersDefinitions.cs b/WebHybridFlowClient/SecurityHeadersDefinitions.cs
index 40c4899..6bfbf59 100644
--- a/WebHybridFlowClient/SecurityHeadersDefinitions.cs
+++ b/WebHybridFlowClient/SecurityHeadersDefinitions.cs
@@ -8,7 +8,6 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev)
 {
 var policy = new HeaderPolicyCollection()
 .AddFrameOptionsDeny()
- .AddXssProtectionBlock()
 .AddContentTypeOptionsNoSniff()
 .AddReferrerPolicyStrictOriginWhenCrossOrigin()
 .AddCrossOriginOpenerPolicy(builder => builder.SameOrigin())
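Review bot: Runtime-generated signing key material is being committed in the new file under `StsServerIdentity/keys/`, which the subject line (headers and package updates) does not mention and which looks unintentional. The file declares `"Algorithm":"RS256"` and `"DataProtected":true`, so the `Data` blob appears to be the token-signing private key wrapped by ASP.NET Core Data Protection; its confidentiality then rests entirely on the data-protection key ring, whose storage is not visible in this patch. Unless checking it in is deliberate for the sample, I would drop the file from the commit, add `StsServerIdentity/keys/` to `.gitignore`, and let the server generate a fresh key, since this one stays in repository history. Any deployment that reused this key should rotate it.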