asp.net-corecontent-security-policyendpointasp.net-core-middleware
Content Security Policy Endpoint cspreport not found POST https://localhost:44331/cspreport returns 404 Asp.net Core
I want to add Content Security Policy reporting and for that I've followed this along.
My CspReportRequest class is:
public class CspReportRequest
{
[JsonPropertyName("csp-report")]
public CspReport CspReport { get; set; }
}
public class CspReport
{
[JsonPropertyName("document-uri")]
public string DocumentUri { get; set; }
[JsonPropertyName("referrer")]
public string Referrer { get; set; }
[JsonPropertyName("violated-directive")]
public string ViolatedDirective { get; set; }
[JsonPropertyName("effective-directive")]
public string EffectiveDirective { get; set; }
[JsonPropertyName("original-policy")]
public string OriginalPolicy { get; set; }
[JsonPropertyName("blocked-uri")]
public string BlockedUri { get; set; }
[JsonPropertyName("status-code")]
public int StatusCode { get; set; }
}
In my HomeController I have:
[HttpPost]
[Consumes("application/cspreport")]
public IActionResult CSPReport([FromBody] CspReportRequest cspReportRequest)
{
Console.WriteLine(cspReportRequest);
return Ok();
}
And to avoid 415 errors I've also implemented
services.AddControllersWithViews().AddMvcOptions(options =>
{
var jsonInputFormatter = options.InputFormatters
.OfType<SystemTextJsonInputFormatter>()
.Single();
jsonInputFormatter.SupportedMediaTypes.Add("application/csp-report");
});
My context.Response.Headers, simplified for brevity:
context.Response.Headers.Add(
"Content-Security-Policy-Report-Only",
"default-src 'self' ;" +
"script-src-elem 'self' ;" +
"script-src 'self' ;" +
"style-src-elem 'self' ;" +
"img-src 'self' " +
"font-src 'self' " +
"media-src 'self' ;" +
"frame-src 'self' ;" +
"connect-src 'self' " +
"object-src 'none' ;" +
"base-uri 'self' ;" +
"report-uri /cspreport ;"
);
My problem is that I see the CSP Request using the developers tools but with a 404 error. If I try with Postman I get the same error as well.
What am I doing wrong?
Solution
Your URL in not correct,if you did not change the default route settings,the correct URL should be https://localhost:44331/Home/Cspreport
you could read the document related :https://learn.microsoft.com/en-us/aspnet/core/fundamentals/routing?view=aspnetcore-5.0#route-template-reference
- Redis cache in .NET 8 is not taking effect?
- Use React Authentication with .NET backend?
- List users with roles in a razor page using asp.net 6.0 Identity
- Correct handling of formless AJAX POST and AntiForgery in C# Razor Pages
- how to load partial view in ajax in asp.net core
- Entity Framework Core multiple connection strings on same DBContext?
- error A value of type 'int' cannot be used as a default parameter because there are no standard conversions to type
- What is this string inside Blazor components HTML tag
- Blazor Server: Breadcrumb change using JavaScript persists across pages
- .net blazor new debug profile lacks .css .js why?
- How to get results from a Postgresql function using EF Core?
- ASP Net identity two factor authentication last expired token is getting validated successfully
- Why string property must be declared as nullable string in Entity Framework Core when corresponding database table column is nullable
- HTTP Error 500.30 - ASP.NET Core app failed to start(abp-commercial)
- How to Configure Swagger to Display Different Model Classes Based on Content Type in .NET API
- How to register multiple implementations of the same interface with different dependencies
- How to remove UserName field from asp.net core 3 Identity
- Difference between BadRequestResult and BadRequestObjectResult
- Where do custom metrics I did not set come from
- How to force Visual Studio to re-create the SSL certificate for a .NET Core Web Application running Kestrel?
- How to map a user attribute to a standard OIDC claim in keycloak
- How to mock service injected by HttpContext.RequestServices.GetService<> in derived controller?
- ASP. NET Core 8: Error HTTP 500 and returnurl=%2F in the URL
- Asp Core, How to use PagingList<T>.CreateAsync() with a viewModel?
- Why is Application Insights showing no events
- ASP.NET Core - error 404.15 after adding authorization services
- Why am I getting this Content Policy error?
- SignalR hub connection StateChanged not working client
- Why is this API considered having ambiguous method/path combination when the names and routes are different?
- How to use "TypedHttpClientFactory" with "AddHttpMessageHandler"?