From bf219751f415f91e652d6ecfa25ea813d901e73d Mon Sep 17 00:00:00 2001 From: jaybeeelsdon Date: Tue, 3 Dec 2024 15:10:38 +0000 Subject: [PATCH] fix: forgery warnng (#881) --- src/DARE-API/Program.cs | 4 ++++ src/DARE-FrontEnd/Program.cs | 6 +++++- src/Data-Egress-API/Program.cs | 4 ++++ src/Data-Egress-UI/Program.cs | 4 ++++ src/TRE-API/Program.cs | 4 ++++ src/TRE-UI/Program.cs | 4 ++++ 6 files changed, 25 insertions(+), 1 deletion(-) diff --git a/src/DARE-API/Program.cs b/src/DARE-API/Program.cs index 25b6904b5..b57d56222 100644 --- a/src/DARE-API/Program.cs +++ b/src/DARE-API/Program.cs @@ -24,6 +24,7 @@ using NETCore.MailKit.Extensions; using NETCore.MailKit.Infrastructure.Internal; using BL.Models; +using Microsoft.AspNetCore.DataProtection; var builder = WebApplication.CreateBuilder(args); @@ -49,6 +50,9 @@ { Log.Warning("{Function} Disabling Anti Forgery token. Only do if testing", "Main"); builder.Services.AddAntiforgery(options => options.SuppressXFrameOptionsHeader = true); + builder.Services.AddDataProtection() + .PersistKeysToFileSystem(new DirectoryInfo("/root/.aspnet/DataProtection-Keys")) + .DisableAutomaticKeyGeneration(); } //Add Services AddServices(builder); diff --git a/src/DARE-FrontEnd/Program.cs b/src/DARE-FrontEnd/Program.cs index 0d92d62c5..20204315c 100644 --- a/src/DARE-FrontEnd/Program.cs +++ b/src/DARE-FrontEnd/Program.cs @@ -19,6 +19,7 @@ using Newtonsoft.Json; using DARE_FrontEnd.Models; using DARE_FrontEnd.Services; +using Microsoft.AspNetCore.DataProtection; var builder = WebApplication.CreateBuilder(args); IdentityModelEventSource.ShowPII = true; @@ -67,7 +68,10 @@ { Log.Warning("{Function} Disabling Anti Forgery token. Only do if testing", "Main"); builder.Services.AddAntiforgery(options => options.SuppressXFrameOptionsHeader = true); -} + builder.Services.AddDataProtection() + .PersistKeysToFileSystem(new DirectoryInfo("/root/.aspnet/DataProtection-Keys")) + .DisableAutomaticKeyGeneration(); + } //add services here builder.Services.AddScoped(); diff --git a/src/Data-Egress-API/Program.cs b/src/Data-Egress-API/Program.cs index 7ebcd3700..fbefc41ae 100644 --- a/src/Data-Egress-API/Program.cs +++ b/src/Data-Egress-API/Program.cs @@ -19,6 +19,7 @@ using NETCore.MailKit.Extensions; using NETCore.MailKit.Infrastructure.Internal; using BL.Models; +using Microsoft.AspNetCore.DataProtection; var builder = WebApplication.CreateBuilder(args); ConfigurationManager configuration = builder.Configuration; @@ -30,6 +31,9 @@ { Log.Warning("{Function} Disabling Anti Forgery token. Only do if testing", "Main"); builder.Services.AddAntiforgery(options => options.SuppressXFrameOptionsHeader = true); + builder.Services.AddDataProtection() + .PersistKeysToFileSystem(new DirectoryInfo("/root/.aspnet/DataProtection-Keys")) + .DisableAutomaticKeyGeneration(); } // Add services to the container. diff --git a/src/Data-Egress-UI/Program.cs b/src/Data-Egress-UI/Program.cs index 11a193621..aea81d9f0 100644 --- a/src/Data-Egress-UI/Program.cs +++ b/src/Data-Egress-UI/Program.cs @@ -14,6 +14,7 @@ using Microsoft.IdentityModel.Tokens; using Newtonsoft.Json; using BL.Models; +using Microsoft.AspNetCore.DataProtection; var builder = WebApplication.CreateBuilder(args); ConfigurationManager configuration = builder.Configuration; @@ -27,6 +28,9 @@ { Log.Warning("{Function} Disabling Anti Forgery token. Only do if testing", "Main"); builder.Services.AddAntiforgery(options => options.SuppressXFrameOptionsHeader = true); + builder.Services.AddDataProtection() + .PersistKeysToFileSystem(new DirectoryInfo("/root/.aspnet/DataProtection-Keys")) + .DisableAutomaticKeyGeneration(); } IdentityModelEventSource.ShowPII = true; diff --git a/src/TRE-API/Program.cs b/src/TRE-API/Program.cs index 9767272bd..08b93b599 100644 --- a/src/TRE-API/Program.cs +++ b/src/TRE-API/Program.cs @@ -28,6 +28,7 @@ using TRE_API.Models; using TREAPI.Services; using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.DataProtection; var builder = WebApplication.CreateBuilder(args); @@ -40,6 +41,9 @@ { Log.Warning("{Function} Disabling Anti Forgery token. Only do if testing", "Main"); builder.Services.AddAntiforgery(options => options.SuppressXFrameOptionsHeader = true); + builder.Services.AddDataProtection() + .PersistKeysToFileSystem(new DirectoryInfo("/root/.aspnet/DataProtection-Keys")) + .DisableAutomaticKeyGeneration(); } // Add services to the container. diff --git a/src/TRE-UI/Program.cs b/src/TRE-UI/Program.cs index f7fa164c8..d844749a0 100644 --- a/src/TRE-UI/Program.cs +++ b/src/TRE-UI/Program.cs @@ -14,6 +14,7 @@ using Microsoft.IdentityModel.Tokens; using Newtonsoft.Json; using Microsoft.AspNetCore.CookiePolicy; +using Microsoft.AspNetCore.DataProtection; var builder = WebApplication.CreateBuilder(args); ConfigurationManager configuration = builder.Configuration; @@ -27,6 +28,9 @@ { Log.Warning("{Function} Disabling Anti Forgery token. Only do if testing", "Main"); builder.Services.AddAntiforgery(options => options.SuppressXFrameOptionsHeader = true); + builder.Services.AddDataProtection() + .PersistKeysToFileSystem(new DirectoryInfo("/root/.aspnet/DataProtection-Keys")) + .DisableAutomaticKeyGeneration(); } //builder.Host.UseSerilog(); IdentityModelEventSource.ShowPII = true;