Reverted CSP changes for testing

Swapnamol · Swapnamol · commit eaf3e21699ed · 2025-03-18T17:34:25.000Z
diff --git a/WebAPI/LearningHub.Nhs.API/Program.cs b/WebAPI/LearningHub.Nhs.API/Program.cs
@@ -38,16 +38,16 @@
 
     app.UseMiddleware<ExceptionMiddleware>();
 
-    app.Use(async (context, next) =>
-    {
-        ////context.Response.Headers.Add("content-security-policy", "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';");
-        context.Response.Headers.Add("Referrer-Policy", "no-referrer");
-        context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
-        context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
-        context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
-        context.Response.Headers.Add("X-XSS-protection", "0");
-        await next();
-    });
+    ////app.Use(async (context, next) =>
+    ////{
+    ////    ////context.Response.Headers.Add("content-security-policy", "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';");
+    ////    context.Response.Headers.Add("Referrer-Policy", "no-referrer");
+    ////    context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
+    ////    context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
+    ////    context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
+    ////    context.Response.Headers.Add("X-XSS-protection", "0");
+    ////    await next();
+    ////});
 
     app.UseEndpoints(endpoints => endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}"));
 
