Switch to server mode

damienbod · Apr 7, 2024 · 1ddab42 · 1ddab42
1 parent 86d690d
commit 1ddab42
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 6 deletions.
diff --git a/BlazorWebAppOidc/Components/App.razor b/BlazorWebAppOidc/Components/App.razor
@@ -1,4 +1,5 @@
-<!DOCTYPE html>
+@inject BlazorNonceService BlazorNonceService
+<!DOCTYPE html>
 <html lang="en">
 
 <head>
@@ -9,12 +10,38 @@
     <link rel="stylesheet" href="app.css" />
     <link rel="stylesheet" href="BlazorWebAppOidc.styles.css" />
     <link rel="icon" type="image/png" href="favicon.png" />
-    <HeadOutlet @rendermode="InteractiveAuto" />
+    <HeadOutlet @rendermode="InteractiveServer" />
 </head>
-
 <body>
-    <Routes @rendermode="InteractiveAuto" />
-    <script src="_framework/blazor.web.js"></script>
-</body>
+    <Routes @rendermode="InteractiveServer" />
 
+    <script nonce="@BlazorNonceService.Nonce" src="_framework/blazor.web.js"></script>
+</body>
 </html>
+
+@code
+{
+    /// <summary>
+    /// Original src: https://github.com/javiercn/BlazorWebNonceService
+    /// </summary>
+    [CascadingParameter] HttpContext Context { get; set; } = default!;
+
+    protected override void OnInitialized()
+    {
+        var nonce = GetNonce();
+        if (nonce != null)
+        {
+            BlazorNonceService.SetNonce(nonce);
+        }
+    }
+
+    public string? GetNonce()
+    {
+        if (Context.Items.TryGetValue("nonce", out var item) && item is string nonce and not null)
+        {
+            return nonce;
+        }
+
+        return null;
+    }
+}
diff --git a/BlazorWebAppOidc/Components/_Imports.razor b/BlazorWebAppOidc/Components/_Imports.razor
@@ -9,3 +9,4 @@
 @using BlazorWebAppOidc
 @using BlazorWebAppOidc.Client
 @using BlazorWebAppOidc.Components
+@using BlazorWebAppOidc.CspServices
diff --git a/BlazorWebAppOidc/Program.cs b/BlazorWebAppOidc/Program.cs
@@ -9,6 +9,9 @@
 using BlazorWebAppOidc.Client.Weather;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
+using BlazorWebAppOidc.CspServices;
+using Microsoft.AspNetCore.Components.Server.Circuits;
+using Microsoft.Extensions.DependencyInjection.Extensions;
 
 const string OIDC_SCHEME = "MicrosoftOidc";
 
@@ -53,6 +56,11 @@
 builder.Services.AddRazorComponents()
     .AddInteractiveServerComponents();
 
+builder.Services.TryAddEnumerable(ServiceDescriptor.Scoped<CircuitHandler, BlazorNonceService>(sp =>
+     sp.GetRequiredService<BlazorNonceService>()));
+
+builder.Services.AddScoped<BlazorNonceService>();
+
 builder.Services.AddScoped<AuthenticationStateProvider, PersistingAuthenticationStateProvider>();
 
 builder.Services.AddScoped<IWeatherForecaster, ServerWeatherForecaster>();
@@ -77,6 +85,12 @@
 
 app.UseHttpsRedirection();
 
+app.UseSecurityHeaders(
+    SecurityHeadersDefinitions.GetHeaderPolicyCollection(app.Environment.IsDevelopment(),
+        app.Configuration["OpenIDConnectSettings:Authority"]));
+
+app.UseMiddleware<NonceMiddleware>();
+
 app.UseStaticFiles();
 app.UseAntiforgery();