From 341cb175a9d33613fc1f3e1dbbaaf65214350da0 Mon Sep 17 00:00:00 2001
From: TekH
Date: Mon, 29 Sep 2025 10:34:52 +0200
Subject: [PATCH] refactor(appsettings): add appsettings.Security
---
EnvelopeGenerator.Web/EnvelopeGenerator.Web.csproj | 3 +++
EnvelopeGenerator.Web/appsettings.Security.json | 14 ++++++++++++++
EnvelopeGenerator.Web/appsettings.json | 12 ------------
3 files changed, 17 insertions(+), 12 deletions(-)
create mode 100644 EnvelopeGenerator.Web/appsettings.Security.json
diff --git a/EnvelopeGenerator.Web/EnvelopeGenerator.Web.csproj b/EnvelopeGenerator.Web/EnvelopeGenerator.Web.csproj
index 415987b3..438fc960 100644
--- a/EnvelopeGenerator.Web/EnvelopeGenerator.Web.csproj
+++ b/EnvelopeGenerator.Web/EnvelopeGenerator.Web.csproj
@@ -2133,6 +2133,9 @@ + + Never + Never
diff --git a/EnvelopeGenerator.Web/appsettings.Security.json b/EnvelopeGenerator.Web/appsettings.Security.json
new file mode 100644
index 00000000..7f8ef259
--- /dev/null
+++ b/EnvelopeGenerator.Web/appsettings.Security.json
@@ -0,0 +1,14 @@
+{
+ "Content-Security-Policy": [ // The first format parameter {0} will be replaced by the nonce value.
+ "default-src 'self'",
+ "script-src 'self' 'nonce-{0}' 'unsafe-eval'",
+ "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:*",
+ "img-src 'self' data: https: blob:",
+ "font-src 'self' https://fonts.gstatic.com:*",
+ "connect-src 'self' https://nominatim.openstreetmap.org:* http://localhost:* https://localhost:* ws://localhost:* wss://localhost:* blob:",
+ "frame-src 'self'",
+ "media-src 'self'",
+ "object-src 'self'"
+ ],
+ "AllowedOrigins": [ "https://localhost:7202", "https://digitale.unterschrift.wisag.de/" ]
+}
\ No newline at end of file
diff --git a/EnvelopeGenerator.Web/appsettings.json b/EnvelopeGenerator.Web/appsettings.json
index 0e575c81..5c673f77 100644
--- a/EnvelopeGenerator.Web/appsettings.json
+++ b/EnvelopeGenerator.Web/appsettings.json
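Review bot: The policy added in `appsettings.Security.json` is not scoped to an environment, yet its `connect-src` line still allows `http://localhost:*`, `ws://localhost:*` and their TLS variants, and `script-src` keeps `'unsafe-eval'`, which permits string-to-code evaluation despite the nonce; the localhost sources belong in a Development-only override, and `'unsafe-eval'` should be dropped if no dependency requires it. `object-src 'self'` would be tighter as `"object-src 'none'"`, and because `base-uri`, `form-action` and `frame-ancestors` do not fall back to `default-src`, lines such as `"base-uri 'self'"` and `"frame-ancestors 'self'"` are worth adding. The second `AllowedOrigins` entry ends in `/`; an `Origin` request header never carries a trailing slash, so if the list is compared verbatim that entry will not match, and `"https://digitale.unterschrift.wisag.de"` is the safer spelling. Nothing in this patch shows the new file being registered as a configuration source, so confirm it is loaded at startup, otherwise the CSP and the origin list disappear without an error.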
@@ -11,18 +11,6 @@
 "Microsoft.AspNetCore.Hosting.Diagnostics": "Warning"
 }
 },
- "Content-Security-Policy": [ // The first format parameter {0} will be replaced by the nonce value.
- "default-src 'self'",
- "script-src 'self' 'nonce-{0}' 'unsafe-eval'",
- "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:*",
- "img-src 'self' data: https: blob:",
- "font-src 'self' https://fonts.gstatic.com:*",
- "connect-src 'self' https://nominatim.openstreetmap.org:* http://localhost:* https://localhost:* ws://localhost:* wss://localhost:* blob:",
- "frame-src 'self'",
- "media-src 'self'",
- "object-src 'self'"
- ],
- "AllowedOrigins": [ "https://localhost:7202", "https://digitale.unterschrift.wisag.de/" ],
 "NLog": {
 "throwConfigExceptions": true,
 "variables": {