From 64d4b07eb08f0913a5b6ed8c32d3087ee08e32cc Mon Sep 17 00:00:00 2001
From: Kevin BEAUGRAND <9513635+kbeaugrand@users.noreply.github.com>
Date: Wed, 29 Jun 2022 16:48:51 +0200
Subject: [PATCH] Add UseSecurityHeaders option to disable CSP

---
 src/AzureIoTHub.Portal/Server/ConfigHandler.cs | 3 +++
 .../Server/DevelopmentConfigHandler.cs | 2 ++
 .../Server/ProductionConfigHandler.cs | 2 ++
 src/AzureIoTHub.Portal/Server/Startup.cs | 17 +++++++++++------
 4 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/src/AzureIoTHub.Portal/Server/ConfigHandler.cs b/src/AzureIoTHub.Portal/Server/ConfigHandler.cs
index cd2a65e00..232c1946a 100644
--- a/src/AzureIoTHub.Portal/Server/ConfigHandler.cs
+++ b/src/AzureIoTHub.Portal/Server/ConfigHandler.cs
@@ -15,6 +15,7 @@ public abstract class ConfigHandler
     internal const string DPSConnectionStringKey = "IoTDPS:ConnectionString";
     internal const string DPSServiceEndpointKey = "IoTDPS:ServiceEndpoint";
     internal const string DPSIDScopeKey = "IoTDPS:IDScope";
+    internal const string UseSecurityHeadersKey = "UseSecurityHeaders";
 
     internal const string OIDCScopeKey = "OIDC:Scope";
     internal const string OIDCAuthorityKey = "OIDC:Authority";
@@ -63,6 +64,8 @@ internal static ConfigHandler Create(IWebHostEnvironment env, IConfiguration con
     internal abstract string StorageAccountConnectionString { get; }
 
+    internal abstract bool UseSecurityHeaders { get; }
+
     internal abstract string OIDCScope { get; }
 
     internal abstract string OIDCApiClientId { get; }
diff --git a/src/AzureIoTHub.Portal/Server/DevelopmentConfigHandler.cs b/src/AzureIoTHub.Portal/Server/DevelopmentConfigHandler.cs
index 9be50940a..423de0d44 100644
--- a/src/AzureIoTHub.Portal/Server/DevelopmentConfigHandler.cs
+++ b/src/AzureIoTHub.Portal/Server/DevelopmentConfigHandler.cs
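Review bot: The new abstract `UseSecurityHeaders` property in the second ConfigHandler.cs hunk carries no XML documentation, so what the flag actually switches off and what its default is can only be learned by reading Startup.cs. I would add above it: `/// <summary>Gets a value indicating whether the security-headers middleware (in this patch, the frame-ancestors Content-Security-Policy) is registered. Defaults to true; set the "UseSecurityHeaders" configuration key to false only where the portal must be embeddable.</summary>`. As a style point, `UseSecurityHeadersKey = "UseSecurityHeaders"` is a top-level key while the sibling keys visible in the first hunk are namespaced (`IoTDPS:…`, `OIDC:…`); if that is not deliberate, a grouped name such as `"Security:UseSecurityHeaders"` would be more consistent. The ConfigHandler class continues outside both hunks.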
@@ -30,6 +30,8 @@ internal DevelopmentConfigHandler(IConfiguration config)
     internal override string StorageAccountConnectionString => this.config[StorageAccountConnectionStringKey];
 
+    internal override bool UseSecurityHeaders => this.config.GetValue(UseSecurityHeadersKey, true);
+
     internal override string OIDCScope => this.config[OIDCScopeKey];
 
     internal override string OIDCAuthority => this.config[OIDCAuthorityKey];
diff --git a/src/AzureIoTHub.Portal/Server/ProductionConfigHandler.cs b/src/AzureIoTHub.Portal/Server/ProductionConfigHandler.cs
index e483712b7..a4d331bdd 100644
--- a/src/AzureIoTHub.Portal/Server/ProductionConfigHandler.cs
+++ b/src/AzureIoTHub.Portal/Server/ProductionConfigHandler.cs
@@ -30,6 +30,8 @@ internal ProductionConfigHandler(IConfiguration config)
     internal override string StorageAccountConnectionString => this.config.GetConnectionString(StorageAccountConnectionStringKey);
 
+    internal override bool UseSecurityHeaders => this.config.GetValue(UseSecurityHeadersKey, true);
+
     internal override string OIDCScope => this.config[OIDCScopeKey];
 
     internal override string OIDCAuthority => this.config[OIDCAuthorityKey];
diff --git a/src/AzureIoTHub.Portal/Server/Startup.cs b/src/AzureIoTHub.Portal/Server/Startup.cs
index e909a3fe7..2bdbe1229 100644
--- a/src/AzureIoTHub.Portal/Server/Startup.cs
+++ b/src/AzureIoTHub.Portal/Server/Startup.cs
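Review bot: `ProductionConfigHandler.UseSecurityHeaders` honours a `UseSecurityHeaders=false` setting exactly as the development handler does, so a single configuration key removes the frame-ancestors CSP from a production deployment with nothing logged or surfaced. The `true` default is the right one, but if the switch exists for local development or iframe-embedding scenarios, consider having the production override ignore it (`internal override bool UseSecurityHeaders => true;`) or at least adding a comment on the override stating that the key is security-sensitive and should stay unset in production. One caveat worth documenting: `GetValue(UseSecurityHeadersKey, true)` only falls back to `true` when the key is absent — a present but non-boolean value such as `"yes"` should make the binder throw at startup rather than silently keep the headers on, which is acceptable but surprising. Both ConfigHandler subclasses continue outside their hunks.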
@@ -277,19 +277,24 @@ public async void Configure(IApplicationBuilder app, IWebHostEnvironment env)
     ArgumentNullException.ThrowIfNull(env, nameof(env));
     ArgumentNullException.ThrowIfNull(app, nameof(app));
 
+    var configuration = app.ApplicationServices.GetService();
+
     // Use problem details
     _ = app.UseProblemDetails();
     app.UseIfElse(IsApiRequest, UseApiExceptionMiddleware, UseUIExceptionMiddleware);
 
-    _ = app.UseSecurityHeaders(opts =>
+    if (configuration.UseSecurityHeaders)
     {
-        _= opts.AddContentSecurityPolicy(csp =>
+        _ = app.UseSecurityHeaders(opts =>
         {
-            _ = csp.AddFrameAncestors()
-                .Self()
-                .From(app.ApplicationServices.GetService().OIDCMetadataUrl);
+            _ = opts.AddContentSecurityPolicy(csp =>
+            {
+                _ = csp.AddFrameAncestors()
+                    .Self()
+                    .From(configuration.OIDCMetadataUrl);
+            });
         });
-    });
+    }
 
     if (env.IsDevelopment())
     {
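Review bot: The hoisted `var configuration = app.ApplicationServices.GetService…()` (the generic type argument appears to have been lost in this rendering) can return null, and `configuration.UseSecurityHeaders` dereferences it unconditionally a few lines later; the old inline `GetService().OIDCMetadataUrl` had the same weakness, but it now gates the whole security-headers registration, so resolve it with `var configuration = app.ApplicationServices.GetRequiredService<ConfigHandler>();` and fail loudly at startup instead of with a NullReferenceException. Turning the flag off skips `app.UseSecurityHeaders` entirely, which in this patch means the frame-ancestors CSP — the portal's only visible clickjacking control — is gone, so I would put a why-comment on the `if`: `// UseSecurityHeaders=false drops the frame-ancestors CSP (clickjacking protection); intended for environments that must embed the portal — keep it enabled otherwise`. Whether the middleware also emits other headers when only a CSP is configured is not visible here and should be confirmed before the comment claims more. The `Configure` method continues outside the hunk.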