.NET Framework
88 Topicsunable to load the css and javascripts when we use Content-Security-Policy in custom headers
https://itcui2022.revalweb.com/this is my site here am using content security policy below code i have added in my web application web .config . This is the custom header code in web.config <customHeaders> <remove name="X-Powered-By" /> <remove name="Vary" /> <remove name="X-XSS-Protection" /> <add name="Vary" value="Accept-Encoding" /> <remove name="server" /> <add name="Content-Security-Policy" value="default-src 'none';script-src 'self' ;object-src 'self' 'https://www.youtube.com/embed/OBI84brdBCI';style-src 'self' ;base-uri 'self';form-action 'self';img-src https: http: ;font-src https: ; frame-ancestors 'self';"/> <add name="X-Xss-Protection" value="1; mode=block" /> <add name="Referrer-Policy" value="strict-origin" /> <add name="X-Content-Type-Options" value="nosniff" /> <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" /> <!-- <add name="X-Frame-Options" value="SAMEORIGIN" /> <add name="Permissions-Policy" value="fullscreen=()" />--> </customHeaders> So am getting below issues in console entire site design also disturbed please help me to resolve this. localhost/:1 Failed to find a valid digest in the 'integrity' attribute for resource 'http://localhost:56244/css/bootstrap.min.css' with computed SHA-384 integrity 'YXdFsF5q5GYktpRMSNNglqzoOPh17LejMdqUx5CXo84zUtjPaKjj5E1CTAINo/gk'. The resource has been blocked. localhost/:1 Failed to find a valid digest in the 'integrity' attribute for resource 'http://localhost:56244/javascripts/bootstrap.min.js' with computed SHA-384 integrity 'LG+vq3DwW7iX7BcYlMMlJ2l3yRf5XT8RtkvDeGZJHSNNiF7KSTtg0yQKiLqNFm4V'. The resource has been blocked. localhost/:23 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-CvgPuDff3Hho4hKb1ZC6y9r6+XXqbP9sOgZajf3I+F4='), or a nonce ('nonce-...') is required to enable inline execution. localhost/:78 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-UITiqbXyaWS7NpwiFrMIbdXAZy5EXLRUHkpylF4504k='), or a nonce ('nonce-...') is required to enable inline execution. localhost/:1 Refused to load the script 'http://ajax.aspnetcdn.com/ajax/4.6/1/WebForms.js' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. localhost/:96 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-CeYEunz5VQqxyULB+XWOP3sCX+mM+bzfzViw7EPtnwk='), or a nonce ('nonce-...') is required to enable inline execution. localhost/:1 Refused to load the script 'http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjax.debug.js' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. localhost/:104 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-UxpZhPiRPznGyJM1BSK89gIr0wkT40MeN0ykcKyVQzc='), or a nonce ('nonce-...') is required to enable inline execution. localhost/:109 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-2vr5KMButMK7a+bOf/ned/cPnF2yNooMulXA8E65wGw='), or a nonce ('nonce-...') is required to enable inline execution. localhost/:1 Refused to load the script 'http://ajax.aspnetcdn.com/ajax/4.6/1/MicrosoftAjaxWebForms.debug.js' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. localhost/:116 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-EpuJI/NmOAh04fBw4hE5sQRnVYZ4A9EfEP8nroT/9cM='), or a nonce ('nonce-...') is required to enable inline execution. localhost/:126 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-1Dj1GXl5SCvtMhdy8uv1Akr4WD7Y0kPmIK5ElIF9/mc='), or a nonce ('nonce-...') is required to enable inline execution. 24Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. localhost/:174 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. 42Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. 14Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-hAo6fw2WF0zjZtf7VZZQ6YI8Z3kPHD8B8b8Gtcx2oOI='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. 18The source list for the Content Security Policy directive 'object-src' contains an invalid source: ''<URL>''. It will be ignored. 18Refused to frame '<URL>' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback. localhost/:513 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-N6tSydZ64AHCaOWfwKbUhxXx2fRFDxHOaL3e3CO7GPI='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. localhost/:941 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. localhost/:977 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-7BnD9RIDXeUB9VD92tBlPwhEL1M/jh47BswRP35nxws='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. localhost/:998 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-+4oP7rS92I5ztYUBTys+bZMuh7XsZzbA8I7p/nx5hc4='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. localhost/:1020 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-vqdnKTbt/TvY3ePneXpp1hIoJNbqOs8DRqOx+stBf54='), or a nonce ('nonce-...') is required to enable inline execution. localhost/:1673 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-5TmCSWsRHHKtNC4AgS23KS5Z9SBqma0xikI6H6iJ1/Y='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. localhost/:1705 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-a41VY2GgLCaYKz1KViZdYGquxnzPLRrCGAZskHvjZCQ='), or a nonce ('nonce-...') is required to enable inline execution. localhost/:1710 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-p5EEK9dIuQvZLAPvcG9WSh/ajegn6KGDbAs3bZJTmdE='), or a nonce ('nonce-...') is required to enable inline execution. localhost/:1 Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=G-PSJZ21FT8N' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. localhost/:1793 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-aFDORWdyFevVNsFN1yqS+nyf7tQzWbrtxHF06snqgPQ='), or a nonce ('nonce-...') is required to enable inline execution. localhost/:1 Refused to load plugin data from 'https://www.youtube.com/embed/OBI84brdBCI' because it violates the following Content Security Policy directive: "object-src 'self' 'https://www.youtube.com/embed/OBI84brdBCI'".184Views0likes1CommentI want to update the version from.Net 6 to 8
Will the below package version will support by .net 8? <PackageReference Include="DK.Configuration.Consul" Version="1.1.0" /> <PackageReference Include="DK.Enterprise.AspNet.Mvc.HealthCheck" Version="0.1.0-rc2" /> <PackageReference Include="DK.Enterprise.DataAccess.Data.Oracle" Version="9.1.0" /> <PackageReference Include="DK.Enterprise.ProblemDetails" Version="1.6.0" /> <PackageReference Include="Dk.NLog.Targets.DkLogging.nlog5" Version="5.3.0" /> <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="6.0.10" /> <PackageReference Include="Microsoft.AspNetCore.Mvc.Versioning.ApiExplorer" Version="5.0.0" /> <PackageReference Include="NLog.Extensions.Logging" Version="5.3.11" /> <PackageReference Include="Oracle.EntityFrameworkCore" Version="6.21.61" /> <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" /> <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.4.0" />374Views0likes2CommentsCommon Reasons A C# Program Won't Run On A Clean Install Of Windows 11
So, back in 2017, someone made a C# program to help auto populate a Word Document with data from a design program. And has worked as expected. The few users that use it are on "Upgraded Windows 11" machines and one on Windows 10. If we create a new Windows 11 machine and try to run this program, it doesn't kick off. I made sure that the old PC and the new one had the same .NET as set in ADD WINDOWS FEATURES. It doesn't return an error or generate a system log. It just won't work... I am not a C# developer but I do have the source code...I tried debugging on my machine (where it will not run) and still haven't found a reason why it isn't running. It is almost a needle in a haystack but we need it resolved. Any suggestions?655Views0likes9CommentsASP.NET MVC4 to ASP.NET Core 8
Question: Should replace our DevExpress controls with supported .NET 8 controls? What are our options going forward? Background We are migrating ASP.NET 4 MVC to ASP.NET Core 8. Our application has DevExpress controls which underneath uses System.Web(.NET Framework 4.8). DevExpress controls use System.Web assembly or extend System.Web.UI.Control from that library.Regarding documentation ASP.NET Core 8 doesn't support System.Web.UI.Controls.And our code doesn't compile because of that.198Views0likes0CommentsStrategy to make app efficiently when we can't get the real time data
We have an issue in making the .NET in-house app to work effeciently. We have 2 systems, one in-house, one system from the vendor. The vendor can't provide the real time data nor can we query the real time data, they can only push the data back every 5 min. After the data is sent from in house app to vendor's system, they will process it. The issue is: the in-house app can't send the next set of data to the vendor's right away because we need the push back data for calculation and decide what needs to be sent to the other side. As a result, I have to wait 5 min for each item. It becomes unacceptable when we have 100 rows to process。 it means it will take 500 min = 8 hours. Please advise is there is a better way to do this? Your help would be greatly appreciated!235Views0likes1Comment.NET 4.8.1 signing certificates expired.
Customer is complaining that the .NET installed on their machines is not signed with a current certificate. Checked mine and the DLL signing expired in 2022. Download the installer and the installer itself expired in 2022. If there a .NET 4.8.x installer that is using current signing certificates?211Views0likes0CommentsClass library targets 4.8 and MVC project referencing that lib project targets 4.5.1?
Hello! I am in the process of upgrading a legacy application from .Net framework version 4.5 to 4.8. The solution has a couple of class library projects and an MVC project and a Web Forms project. The Web Forms & MVC projects reference the class library projects. We want to upgrade the Web Forms project to target 4.8 and therefore also decided to upgrade the class library projects to 4.8 as well. The challenge/question is.. we are not sure if the MVC project is being used at all. In order to spend our time efficiently, is it ok if we upgrade the class libraries to 4.8 and leave the MVC application to target 4.5.1?185Views0likes0Comments