From 87001ed08f15c0bf7805e7471f6bc2ef8c977f5c Mon Sep 17 00:00:00 2001
From: Aloento <11802769+Aloento@users.noreply.github.com>
Date: Thu, 27 Jun 2024 12:05:11 +0200
Subject: [PATCH] Updated configuration and dependencies to enhance security

Updated the configuration and dependencies of the StatusDashboard project to improve the security and environment suitability of the code. The main changes include removing the cookie policy configuration, enabling LettuceEncrypt only in non-development environments, updating the KeycloakWebApp method call parameters, and adding new package references and configuration entries to the project files and configuration. These changes are intended to optimize security configurations, improve HTTPS certificate management, and increase the flexibility and security of projects in different environments.
---
 Program.cs | 15 ++++++---------
 StatusDashboard.csproj | 1 +
 appsettings.Development.json | 3 ++-
 appsettings.Production.json | 8 +++++++-
 appsettings.json | 1 -
 5 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/Program.cs b/Program.cs
index e0c4d93..68360b9 100644
--- a/Program.cs
+++ b/Program.cs
@@ -15,19 +15,17 @@
     .ValidateDataAnnotations()
     .ValidateOnStart();
-builder.Services.Configure(x => {
-    x.CheckConsentNeeded = _ => true;
-    x.MinimumSameSitePolicy = SameSiteMode.Unspecified;
-});
+if (!builder.Environment.IsDevelopment())
+    builder.Services.AddLettuceEncrypt();
 builder.Services
     .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
     .AddKeycloakWebApp(
         builder.Configuration.GetSection(KeycloakAuthenticationOptions.Section),
-        configureOpenIdConnectOptions: options => {
-            options.SaveTokens = true;
-            options.ResponseType = OpenIdConnectResponseType.Code;
-            options.Events = new() {
+        configureOpenIdConnectOptions: x => {
+            x.SaveTokens = true;
+            x.ResponseType = OpenIdConnectResponseType.Code;
+            x.Events = new() {
                 OnSignedOutCallbackRedirect = context => {
                     context.Response.Redirect("/");
                     context.HandleResponse();
@@ -70,7 +68,6 @@
 }
 app.UseHttpsRedirection();
-app.UseCookiePolicy();
 app.UseStaticFiles();
 app.UseAntiforgery();
diff --git a/StatusDashboard.csproj b/StatusDashboard.csproj
index e561520..00d3bfd 100644
--- a/StatusDashboard.csproj
+++ b/StatusDashboard.csproj
@@ -29,6 +29,7 @@
+
diff --git a/appsettings.Development.json b/appsettings.Development.json
index bc91bcf..02e61d7 100644
--- a/appsettings.Development.json
+++ b/appsettings.Development.json
@@ -6,5 +6,6 @@
       "Microsoft.EntityFrameworkCore": "Information",
       "Microsoft.Extensions.Http.DefaultHttpClientFactory": "Information"
     }
-  }
+  },
+  "AllowedHosts": "*"
 }
diff --git a/appsettings.Production.json b/appsettings.Production.json
index 9a017db..730c9b5 100644
--- a/appsettings.Production.json
+++ b/appsettings.Production.json
@@ -1,3 +1,9 @@
 {
-  "urls": "http://*:3389"
+  "urls": "http://sd.aloen.to;https://sd.aloen.to",
+  "AllowedHosts": "sd.aloen.to",
+  "LettuceEncrypt": {
+    "AcceptTermsOfService": true,
+    "DomainNames": [ "sd.aloen.to" ],
+    "EmailAddress": "me@aloen.to"
+  }
 }
diff --git a/appsettings.json b/appsettings.json
index 642fd8c..9d14c6b 100644
--- a/appsettings.json
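Review bot: The `if (!builder.Environment.IsDevelopment())` guard in the first Program.cs hunk enables LettuceEncrypt for every non-Development environment, while the `LettuceEncrypt` section with `DomainNames` and `EmailAddress` is added only to appsettings.Production.json in this commit, so a Staging or other custom-named environment would register the ACME client with no domains configured; I would expect that to fail at startup, but have not verified it against the package. Gating on the configuration keeps the two in step: `if (builder.Configuration.GetSection("LettuceEncrypt").Exists())`. On style, the single-statement `if` has no braces and the lambda parameter was renamed from `options` to `x`, whereas the neighbouring code uses braces and a descriptive name (`context`); `options` said what `x` does not. The `AddKeycloakWebApp(...)` call and its `Events` initializer continue past the end of the hunk.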
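Review bot: The new `LettuceEncrypt` section in appsettings.Production.json configures issuance but not where the ACME account key and certificate are kept; unless the host's data directory is durable across restarts, each deployment would request a fresh certificate and can run into Let's Encrypt's per-domain issuance limits (inferred from the configuration shown, not verified against the package version). A first rollout against the staging CA, `"UseStagingServer": true`, avoids spending those limits on a misconfigured challenge, and the persistence decision belongs in the deployment notes since JSON cannot carry a comment. The `urls` value also drops the former `:3389` port, so Kestrel now listens on 80 and 443 and port 80 must stay reachable for the HTTP-01 challenge; that dependency is worth stating in the README next to the `AllowedHosts` entry.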
+++ b/appsettings.json
@@ -8,7 +8,6 @@
       "Microsoft.EntityFrameworkCore": "Warning"
     }
   },
-  "AllowedHosts": "*",
   "ConnectionStrings": {
     "DefaultConnection": "DataSource=shared;mode=memory;cache=shared"
   },