Assign a new order to the NWebsec module to avoid invoking it for prompt=none requests

10 years ago · 3a5ef65951
3 changed files with 3 additions and 4 deletions
--- a/samples/Mvc.Server/Startup.cs
+++ b/samples/Mvc.Server/Startup.cs
@ -14,7 +14,6 @@ using NWebsec.Middleware;
 using OpenIddict;
 using OpenIddict.Models;

-
 namespace Mvc.Server {
    public class Startup {
        public static void Main(string[] args) {
--- a/src/OpenIddict.Security/OpenIddictExtensions.cs
+++ b/src/OpenIddict.Security/OpenIddictExtensions.cs
@ -16,7 +16,7 @@ namespace Microsoft.AspNet.Builder {
        public static OpenIddictBuilder UseNWebsec(
            [NotNull] this OpenIddictBuilder builder,
            [NotNull] Action<IFluentCspOptions> configuration) {
-            return builder.AddModule("NWebsec", -20, app => {
+            return builder.AddModule("NWebsec", 5, app => {
                // Insert a new middleware responsible of setting the Content-Security-Policy header.
                // See https://nwebsec.codeplex.com/wikipage?title=Configuring%20Content%20Security%20Policy&referringTitle=NWebsec
                app.UseCsp(configuration);
--- a/src/OpenIddict/OpenIddictExtensions.cs
+++ b/src/OpenIddict/OpenIddictExtensions.cs
@ -34,9 +34,9 @@ namespace Microsoft.AspNet.Builder {
            [NotNull] this IApplicationBuilder app,
            [NotNull] Action<OpenIddictBuilder> configuration) {
            return app.UseOpenIddictCore(builder => {
-                builder.UseNWebsec();
-                builder.UseCors();
                builder.UseAssets();
+                builder.UseCors();
+                builder.UseNWebsec();
                builder.UseMvc();

                configuration(builder);