Form Redirection not working after implementing CSP headers

Daniel Main asked on November 12, 2024 19:03

We have a simple contact us form that, while it mostly functions, does not redirect to the page we want it to.

The code:

{"redirectTo":"/en-us/contact-us/thank-you/"}

Is the only thing displayed. I am sure it is the headers that are blocking it, but as we have around 100 sites I would like to have a code solution rather than add each hash (which would not work as it is different on each load) to the CSP.

Any suggestions?

Recent Answers


Juraj Ondrus answered on November 13, 2024 06:33

I would try removing the CSPs one by one to see which one is causing this. I guess some domain is not set right in the CSPs.


Brenden Kehren answered on November 21, 2024 22:32

In our .NET Core sites we have this in the Startup.cs or Program.cs file:

app.Use(async (context, next) =>
{
    context.Response.Headers.Add("Content-Security-Policy", "frame-ancestors 'self' https://localhost:5000 https://*.yourdomainhere.com https://*.azurewebsites.net");
    context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
    // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
    // https://developer.mozilla.org/en-US/docs/Web/API/Topics_API
    context.Response.Headers.Add("Permissions-Policy", "browsing-topics=()");
    await next();
});

I'd highly recommend checking that first line to ensure you have the domains entered properly.

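One way to carry out the directive-by-directive check suggested in the first answer, written in the `app.Use` style of the second (an added example, not code from either answer). The sample policy string, the `csp-skip` query parameter, the placeholder endpoint and the `DropDirectives` helper are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Hosting;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Constructed sample policy (assumption): substitute the one your sites send.
const string FullPolicy =
    "default-src 'self'; script-src 'self'; style-src 'self'; " +
    "form-action 'self'; frame-ancestors 'self'";

app.Use(async (context, next) =>
{
    var policy = FullPolicy;

    // Hypothetical debug switch, honoured in Development only so it can never
    // weaken the policy in production: /?csp-skip=script-src,default-src
    if (app.Environment.IsDevelopment() &&
        context.Request.Query.TryGetValue("csp-skip", out var skip))
    {
        var names = skip.ToString().Split(',',
            StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
        policy = DropDirectives(FullPolicy, names);
    }

    // Set the header before the rest of the pipeline writes the response.
    context.Response.Headers["Content-Security-Policy"] = policy;
    await next();
});

// Placeholder endpoint (assumption) so the sample runs on its own.
app.MapGet("/", () => "form page placeholder");

app.Run();

// Returns the policy without the named directives. Fetch directives such as
// script-src fall back to default-src when absent, so if dropping one changes
// nothing, drop default-src together with it.
static string DropDirectives(string policy, string[] names) =>
    string.Join("; ", policy
        .Split(';', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
        .Where(d => !names.Contains(d.Split(' ', 2)[0], StringComparer.OrdinalIgnoreCase)));
```

Load the page that renders the form with one directive skipped at a time and resubmit; the directive whose removal restores the redirect is the one to adjust.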
