From 65490d6cd8ef61e8317bc8dfbe43881f321a6686 Mon Sep 17 00:00:00 2001
From: Martinus Suherman
Date: Wed, 4 Jan 2023 14:39:21 +0700
Subject: [PATCH 1/4] Add method RegisterForwardedHeaders
---
 src/Skoruba.IdentityServer4.STS.Identity/Startup.cs | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/Skoruba.IdentityServer4.STS.Identity/Startup.cs b/src/Skoruba.IdentityServer4.STS.Identity/Startup.cs
index 38fb4ece0..8a535b0f7 100644
--- a/src/Skoruba.IdentityServer4.STS.Identity/Startup.cs
+++ b/src/Skoruba.IdentityServer4.STS.Identity/Startup.cs
@@ -13,6 +13,7 @@
 using Skoruba.IdentityServer4.STS.Identity.Helpers;
 using System;
 using Skoruba.IdentityServer4.Shared.Configuration.Helpers;
+using Microsoft.AspNetCore.HttpOverrides;
 namespace Skoruba.IdentityServer4.STS.Identity
 {
@@ -109,6 +110,16 @@ public virtual void RegisterAuthorization(IServiceCollection services)
 services.AddAuthorizationPolicies(rootConfiguration);
 }
+ public virtual void RegisterForwardedHeaders(IServiceCollection services)
+ {
+ services.Configure(options =>
+ {
+ options.ForwardedHeaders = ForwardedHeaders.All;
+ options.KnownNetworks.Clear();
+ options.KnownProxies.Clear();
+ });
+ }
+
 public virtual void UseAuthentication(IApplicationBuilder app)
 {
 app.UseIdentityServer();
From bb8001a3e72d03501f4f002070b9beed8375f6ca Mon Sep 17 00:00:00 2001
From: Martinus Suherman
Date: Wed, 4 Jan 2023 14:40:45 +0700
Subject: [PATCH 2/4] Update ConfigureServices - call RegisterForwardedHeaders
---
 src/Skoruba.IdentityServer4.STS.Identity/Startup.cs | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/Skoruba.IdentityServer4.STS.Identity/Startup.cs b/src/Skoruba.IdentityServer4.STS.Identity/Startup.cs
index 8a535b0f7..189f18276 100644
--- a/src/Skoruba.IdentityServer4.STS.Identity/Startup.cs
+++ b/src/Skoruba.IdentityServer4.STS.Identity/Startup.cs
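Review bot: `RegisterForwardedHeaders` enables `ForwardedHeaders.All` and then clears both `KnownNetworks` and `KnownProxies`, so the middleware will honour `X-Forwarded-For`, `X-Forwarded-Proto` and `X-Forwarded-Host` from any sender rather than only from the reverse proxy in front of the STS. Any client that can reach the app directly can then set the scheme, host and remote IP that downstream code sees, which matters for audit logging and for any URL the token service derives from the request. The block removed from `UseSecurityHeaders` (patch 3/4) had the same settings, so this is carried over rather than introduced, and `app.UseForwardedHeaders()` in `Configure` (patch 4/4) now applies it ahead of all other middleware. I would forward only the headers the proxy actually sets and take the trusted proxy addresses from configuration, adding `options.AllowedHosts` if `XForwardedHost` has to stay enabled; the configuration key in the sketch is a placeholder.

```csharp
public virtual void RegisterForwardedHeaders(IServiceCollection services)
{
    // … unchanged: services.Configure(options => … wrapper …
        // Forward only what the fronting proxy is expected to set.
        options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

        // "ForwardedHeadersConfiguration:KnownProxies" is a placeholder key, not an existing setting.
        var trustedProxies = Configuration
            .GetSection("ForwardedHeadersConfiguration:KnownProxies")
            .Get<string[]>() ?? Array.Empty<string>();

        // With nothing configured, the framework defaults (loopback only) stay in place.
        if (trustedProxies.Length > 0)
        {
            options.KnownNetworks.Clear();
            options.KnownProxies.Clear();
            foreach (var proxy in trustedProxies)
            {
                options.KnownProxies.Add(IPAddress.Parse(proxy));
            }
        }
    // … unchanged: closing of the lambda and the method …
```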
@@ -41,6 +41,8 @@ public void ConfigureServices(IServiceCollection services)
 // Add email senders which is currently setup for SendGrid and SMTP
 services.AddEmailSenders(Configuration);
+ RegisterForwardedHeaders(services);
+
 // Add services for authentication, including Identity model and external providers
 RegisterAuthentication(services);
From 8315f77f261e726c37db092a376b685bba177dfa Mon Sep 17 00:00:00 2001
From: Martinus Suherman
Date: Wed, 4 Jan 2023 14:42:04 +0700
Subject: [PATCH 3/4] Update UseSecurityHeaders - remove app.UseForwardedHeaders call
---
 .../Helpers/StartupHelpers.cs | 10 ----------
 1 file changed, 10 deletions(-)
diff --git a/src/Skoruba.IdentityServer4.STS.Identity/Helpers/StartupHelpers.cs b/src/Skoruba.IdentityServer4.STS.Identity/Helpers/StartupHelpers.cs
index aeb2a9d6e..27de18b02 100644
--- a/src/Skoruba.IdentityServer4.STS.Identity/Helpers/StartupHelpers.cs
+++ b/src/Skoruba.IdentityServer4.STS.Identity/Helpers/StartupHelpers.cs
@@ -96,16 +96,6 @@ public static IMvcBuilder AddMvcWithLocalization(this IServiceColle
 ///
 public static void UseSecurityHeaders(this IApplicationBuilder app, IConfiguration configuration)
 {
- var forwardingOptions = new ForwardedHeadersOptions()
- {
- ForwardedHeaders = ForwardedHeaders.All
- };
-
- forwardingOptions.KnownNetworks.Clear();
- forwardingOptions.KnownProxies.Clear();
-
- app.UseForwardedHeaders(forwardingOptions);
-
 app.UseReferrerPolicy(options => options.NoReferrer());
 // CSP Configuration to be able to use external resources
From bb7668be8a8257d000087f7e6763ae9a2bc8479c Mon Sep 17 00:00:00 2001
From: Martinus Suherman
Date: Wed, 4 Jan 2023 14:45:19 +0700
Subject: [PATCH 4/4] Update Configure - call app.UseForwardedHeaders before other middleware - ref: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer
---
 src/Skoruba.IdentityServer4.STS.Identity/Startup.cs | 1 +
 1 file changed, 1 insertion(+)
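Review bot: The new `RegisterForwardedHeaders(services);` call in `ConfigureServices` (patch 2/4) has no leading comment, while the registration calls on either side of it (`AddEmailSenders`, `RegisterAuthentication`) each carry one. I would add `// Configure the forwarded-headers options that app.UseForwardedHeaders() applies in Configure` above it, so the link between this registration and the parameterless middleware call is visible to whoever overrides or reorders these steps. The body of `ConfigureServices` starts before and continues after this hunk.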
diff --git a/src/Skoruba.IdentityServer4.STS.Identity/Startup.cs b/src/Skoruba.IdentityServer4.STS.Identity/Startup.cs
index 189f18276..7c989605b 100644
--- a/src/Skoruba.IdentityServer4.STS.Identity/Startup.cs
+++ b/src/Skoruba.IdentityServer4.STS.Identity/Startup.cs
@@ -62,6 +62,7 @@ public void ConfigureServices(IServiceCollection services)
 public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 {
+ app.UseForwardedHeaders();
 app.UseCookiePolicy();
 if (env.IsDevelopment())
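Review bot: `app.UseForwardedHeaders();` at the top of `Configure` is called without options, so it depends entirely on `RegisterForwardedHeaders` having configured `ForwardedHeadersOptions`. An override of that virtual method that skips the `services.Configure` call would leave the middleware at its framework defaults, where, as far as I recall, no forwarded header is processed. A comment would make both the ordering and that dependency explicit, for example `// Must stay first: applies the options from RegisterForwardedHeaders so scheme, host and remote IP are rewritten before any other middleware reads them`. `Configure` continues past the end of the hunk.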