I've got the following API Controller:
[ApiController][Route("api")]public class ItemsController : Controller{ private readonly ApplicationDbContext _context; public ItemsController(ApplicationDbContext context) { _context = context; } [HttpGet("Items")] public IEnumerable<Item> Get() { var items = _context.Items.ToArray(); return items; } [HttpPost("Item")] public async Task<ActionResult> UpdateEmployee(Item item) { try { _context.Items.Add(item); var res = await _context.SaveChangesAsync(); if (res > 0) return Ok(); else return StatusCode(StatusCodes.Status500InternalServerError); } catch (Exception ex) { return StatusCode(StatusCodes.Status500InternalServerError,"Error updating data"); } }}I can call the GET method from Firefox no problem but when I try to call the POST method I get an error about violating "default-src 'none'".
I have then added the following:
app.Use(async (context, next) =>{ context.Response.Headers.Append("Content-Security-Policy", "default-src * 'unsafe-inline''unsafe-eval'; script-src * 'unsafe-inline''unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';"); await next();});But now I get a non-expressive json+problem response and the code is not executed.
I do not know how to proceed from here.