.NET10 problem with Content-Security-Policy #64511

@Gwoodwardgop


Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

When I update our existing .NET 8 Blazor project to .NET 10, I am getting double Content-Security-Policies in my response headers.

We need to expand the basic policy from "frame-ancestors 'self'" to "frame-ancestors 'self' https://oursite.com".

Previously, in our Program.cs file, we were doing the following and it was showing only one Content-Security-Policy, but now it has two: one with the updated policy and one with the basic policy. Is the following code no longer supported in .NET 10?

app.Use(async (context, next) =>
{
    context.Response.Headers.Remove("Content-Security-Policy");
    context.Response.Headers.Add("Content-Security-Policy", "frame-ancestors 'self' https://oursite.com");
    await next();
});

Expected Behavior

After updating the Program.cs to update the Content Security Policy there should be only one policy in the Response Headers.

Steps To Reproduce

Add the following to the Program.cs in a .NET 10 Blazor project.

app.Use(async (context, next) =>
{
    context.Response.Headers.Remove("Content-Security-Policy");
    context.Response.Headers.Add("Content-Security-Policy", "frame-ancestors 'self' https://oursite.com");
    await next();
});

Exceptions (if any)

No response

.NET Version

10.0.100

Anything else?

No response
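
Why the second header matters, as an added example (not code from this issue or from ASP.NET Core): browsers enforce every Content-Security-Policy they receive, so framing has to be allowed by each policy separately. The model below is simplified and assumes a hypothetical app origin `https://app.example`; it handles only `'none'`, `'self'`, `*` and exact origins.

```javascript
// Added example: simplified model of how a browser combines several
// Content-Security-Policy headers for frame-ancestors. Supports only
// 'none', 'self', * and exact origins (no wildcard hosts or scheme-only sources).

// Return the frame-ancestors source list of one policy, or null if absent.
function frameAncestors(policy) {
  for (const directive of policy.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// Does a single policy allow `ancestor` to frame a page served from `self`?
function policyAllows(policy, ancestor, self) {
  const sources = frameAncestors(policy);
  if (sources === null) return true; // no directive: this policy does not restrict framing
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "*") return true;
    if (s === "'none'") return false;
    if (s === "'self'") return new URL(ancestor).origin === new URL(self).origin;
    try { return new URL(src).origin === new URL(ancestor).origin; } catch { return false; }
  });
}

// Every policy must allow; a comma inside one header value also separates policies.
function framingAllowed(headerValues, ancestor, self) {
  const policies = headerValues.flatMap((v) => v.split(",")).map((p) => p.trim()).filter(Boolean);
  return policies.every((p) => policyAllows(p, ancestor, self));
}

// Constructed sample: the two header values described in the report.
const SELF = "https://app.example"; // hypothetical origin serving the Blazor app
const doubled = [
  "frame-ancestors 'self' https://oursite.com",
  "frame-ancestors 'self'",
];
const single = ["frame-ancestors 'self' https://oursite.com"];

console.log("single header, framed by oursite.com:", framingAllowed(single, "https://oursite.com", SELF));
console.log("double header, framed by oursite.com:", framingAllowed(doubled, "https://oursite.com", SELF));
console.log("double header, framed by itself:", framingAllowed(doubled, SELF, SELF));
```

With both headers present, the `'self'`-only policy still blocks framing from `https://oursite.com`, so the expanded policy has no effect until the duplicate is gone.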
