Separate content security policies for the frontend and back office in Umbraco 12
Hi all,
I'm stumped. I've seen folks with similar issues on the forum, but I've had trouble leveraging those threads for my own case. I'm really new to Umbraco. Here's the middleware class we are using to implement our content security policy. Is there a way to have some kind of conditional that allows us to set different response headers for the frontend and back office. Currently, our back office is unavailable because it violates the csp, so we'd like it to have it's own csp so we can access it again.
But in dot net core you can use 'UseWhen' to set a condition for when to action some middleware, so if the request is not beginning with /umbraco you can use your front end csp and otherwise apply your backoffice csp..
Separate content security policies for the frontend and back office in Umbraco 12
Hi all,
I'm stumped. I've seen folks with similar issues on the forum, but I've had trouble leveraging those threads for my own case. I'm really new to Umbraco. Here's the middleware class we are using to implement our content security policy. Is there a way to have some kind of conditional that allows us to set different response headers for the frontend and back office. Currently, our back office is unavailable because it violates the csp, so we'd like it to have it's own csp so we can access it again.
This is added to startup.cs like so:
Hi utilityLA
I fear I'm sending you a link you might have already seen.
https://our.umbraco.com/forum/using-umbraco-and-getting-started/110495-backoffice-specific-csp-in-v9plus
But in dot net core you can use 'UseWhen' to set a condition for when to action some middleware, so if the request is not beginning with /umbraco you can use your front end csp and otherwise apply your backoffice csp..
Regards
Marc
Thank you for directing me to this Marc. This was helpful.
is working on a reply...