Development en productie eigen CSP headers gegeven zodat Localhost niet toegestaan is in de productie omgeving.

Programeerik · Programeerik · commit fcbec01a5da8 · 2025-10-08T21:39:25.000+02:00
diff --git a/ShowcaseProject/ShowcaseFrontend/Program.cs b/ShowcaseProject/ShowcaseFrontend/Program.cs
@@ -40,21 +40,45 @@
     // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
     app.UseHsts();
 }
-app.Use(async (context, next) =>
+if (!app.Environment.IsDevelopment())
 {
-    context.Response.Headers.Append("Content-Security-Policy",
-        "default-src 'self'; " +
-        "script-src 'self' https://cdnjs.cloudflare.com ; " +
-        "style-src 'self' 'sha256-xyz4zkCjuC3lZcD2UmnqDG0vurmq12W/XKM5Vd0+MlQ='; " +
-        "font-src 'self' ; " +
-        "img-src 'self'; " +
-        "object-src 'none'; " +
-        "frame-ancestors 'none'; " +
-        "base-uri 'self'; " +
-        "form-action 'self';"+
-        "connect-src 'self'  ws://localhost:* http://localhost:5001 https://cdnjs.cloudflare.com/ajax/libs/microsoft-signalr/6.0.1/signalr.js.map; ");
-    await next();
-});
+    app.Use(async (context, next) =>
+    {
+        context.Response.Headers.Append("Content-Security-Policy",
+            "default-src 'self'; " +
+            "script-src 'self' https://cdnjs.cloudflare.com ; " +
+            "style-src 'self' ; " +
+            "font-src 'self' ; " +
+            "img-src 'self'; " +
+            "object-src 'none'; " +
+            "frame-ancestors 'none'; " +
+            "base-uri 'self'; " +
+            "form-action 'self';" +
+            "connect-src 'self' https://frontend-erik.azurewebsites.net " +
+            "wss://showcaseapi-demo123.eastus.azurecontainer.io " +
+            "https://showcaseapi-demo123.eastus.azurecontainer.io ; ");
+        await next();
+    });
+}
+else
+{
+    app.Use(async (context, next) =>
+    {
+        context.Response.Headers.Append("Content-Security-Policy",
+            "default-src 'self'; " +
+            "script-src 'self' https://cdnjs.cloudflare.com ; " +
+            "style-src 'self' ; " +
+            "font-src 'self' ; " +
+            "img-src 'self'; " +
+            "object-src 'none'; " +
+            "frame-ancestors 'none'; " +
+            "base-uri 'self'; " +
+            "form-action 'self';" +
+            "connect-src 'self'  ws://localhost:* http://localhost:5001; ");
+        await next();
+    });
+}
+    
 if (!app.Environment.IsDevelopment())
 {
     app.UseHttpsRedirection();
diff --git a/ShowcaseProject/ShowcaseFrontend/wwwroot/js/game.js b/ShowcaseProject/ShowcaseFrontend/wwwroot/js/game.js
@@ -132,11 +132,9 @@
 
     async function createGameBoard(groupName,playerSymbol) {
         const board = document.querySelector("#GameBoard");
-        //board.setAttribute("style", "display:grid;width: 150px;grid-template-columns: auto auto auto;gap: 5px 5px;");
         for (let i = 0; i < 9; i++) {
             let span = document.createElement("div");
             span.innerHTML = " ";
-            //span.style = "border:solid;#333333;1px;width:50px;height:50px;";
             span.id = "cell" + i;
             span.onclick = async () => {
                 let cell = document.getElementById("cell" + i);
