Redirect URL causes CSP violation

I’m currently implementing CIS2 separate auth and have created a config in connection manager with a local host redirect.

I can happily redirect and authenticate but then I end up on the authorize page with “Submit this form” as the title and a console error of: Sending form data to 'https://localhost:7042/Authentication/NHSCallback' violates the following Content Security Policy directive: "form-action 'self' https://nhsmailmo.b2clogin.com/nhsmailmo.onmicrosoft.com/oauth2/authresp".

How can I get past this?

We don’t support form-post as a return method as we enforce CSP. Please use query parameter instead or reach out to our onboarding team.

Hi John, I am redirecting using a GET method. I then go through the whole NHS authentication process using a security key. The error seems to be how it then tries to return to my application https://localhost:7042/Authentication/NHSCallback. This is my redirect URL.

I’ve figured it out if anyone else comes across this issue. I am using .NET and using the .NET tutorial example which it would seem is out of date.

When you are configuring authorisation in the AddOpenIdConnect method do this:

options.ResponseMode = OpenIdConnectResponseMode.Query;
options.ResponseType = OpenIdConnectResponseType.Code;

Then life is good.
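
The two settings from the last reply in context, as an added example that is not part of the original thread or the tutorial it mentions. The `Cis2:*` configuration keys, the cookie scheme and the client-secret authentication are assumptions; the callback path is the one quoted in the thread.

```csharp
// Program.cs (ASP.NET Core minimal hosting). Added illustration, not code from the thread.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        // Assumed configuration keys: supply the values issued for your own client.
        options.Authority = builder.Configuration["Cis2:Authority"];
        options.ClientId = builder.Configuration["Cis2:ClientId"];
        options.ClientSecret = builder.Configuration["Cis2:ClientSecret"];

        // Redirect path from the thread (https://localhost:7042/Authentication/NHSCallback).
        options.CallbackPath = "/Authentication/NHSCallback";

        // The handler defaults are ResponseType = id_token and ResponseMode = form_post.
        // form_post makes the provider's page submit an HTML form to the callback,
        // which a "form-action" CSP on that page blocks unless the callback origin is listed.
        // Query mode returns the result as a GET redirect, so no form is submitted.
        options.ResponseMode = OpenIdConnectResponseMode.Query;

        // Only the authorization code travels in the URL; tokens are fetched
        // server-side from the token endpoint and never appear in the browser.
        options.ResponseType = OpenIdConnectResponseType.Code;

        // On by default for the code flow; stated explicitly because the code is in the URL.
        options.UsePkce = true;
    });

builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Any protected endpoint triggers the OpenID Connect challenge.
app.MapGet("/", () => "signed in").RequireAuthorization();
app.Run();
```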