Reverted in memory ticket store from RC

Swapnamol · Swapnamol · commit 610f1a5bb583 · 2025-03-20T14:06:57.000Z
diff --git a/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs b/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs
@@ -33,7 +33,7 @@ public override void OnResultExecuting(ResultExecutingContext context)
 
                 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
                 ////var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
-                var csp = "object-src 'none'; frame-ancestors 'none'; base-uri 'self';";
+                var csp = "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';";
                 //// also consider adding upgrade-insecure-requests once you have HTTPS in place for production
                 ////csp += "upgrade-insecure-requests;";
                 //// also an example if you need client images to be displayed from twitter
diff --git a/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs b/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs
@@ -73,11 +73,7 @@ public static void ConfigureServices(this IServiceCollection services, IConfigur
                 options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
             })
-            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
-            {
-                options.AccessDeniedPath = "/Home/AccessDenied";
-                options.SessionStore = new InMemoryTicketStore(new ConcurrentDictionary<string, AuthenticationTicket>());
-            })
+            .AddCookie()
             .AddOpenIdConnect(
                 "oidc_oa",
                 options =>
diff --git a/LearningHub.Nhs.UserApi/Program.cs b/LearningHub.Nhs.UserApi/Program.cs
@@ -10,7 +10,7 @@
 
 var logger = NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger();
 
-var csp = "object-src 'none'; frame-ancestors 'none'; base-uri 'self';";
+var csp = "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';";
 try
 {
     logger.Debug("Log Started");

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`
`11`	`11`	`var logger = NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger();`
`12`	`12`
`13`		`-var csp = "object-src 'none'; frame-ancestors 'none'; base-uri 'self';";`
	`13`	`+var csp = "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';";`
`14`	`14`	`try`
`15`	`15`	`{`
`16`	`16`	`logger.Debug("Log Started");`