refactor: Update the health check UI sample to use SSL #2246

Open
wants to merge 6 commits into
base: master

Conversation

Jamie-Clayton
Contributor

@Jamie-Clayton Jamie-Clayton commented Jun 23, 2024

Special notes for your reviewer:

  • Uncovered while enforcing SSL by default on IIS servers in production environments
  • Found it difficult to quickly resolve the configuration across multiple build profiles
  • Migration from net 6 to 8 uncovered changes to the ports used in v7 used by asp.net.
  • Uses conventional commits prefix in commit comments.
  • 1861 unit tests run locally with a few hiccups. I'm assuming you need to use the .\build\docker-compose.yml to run them all locally, successfully.
  • Tries to improve the code to meet OWASP security recommendations for .net. See "A10 Server-Side Request Forgery (SSRF)" recommendations.

You should set AllowedHosts with host filtering middleware when you want to restrict your ASP.NET Core app to specific hostnames. By defining the AllowedHosts key in your configuration (e.g., appsettings.json), you can ensure that your app only responds to requests from those specific hosts. Requests from other hosts will result in a default bad request (400) response. Keep in mind that this is different from CORS, which controls external origins that can access your app’s resources. If you need to manage cross-origin requests, use CORS; if you want to limit your app to specific hosts, use AllowedHosts.

Does this PR introduce a user-facing change?:
Indirectly, it encourages the use of https in the web browser when running Health Checks

Please make sure you've completed the relevant tasks for this PR, out of the following list:

  • Code compiles correctly
  • Created/updated tests
  • Unit tests passing
  • End-to-end tests passing
  • Extended the documentation
  • Provided sample for the feature

* Encourage health checks samples to be secure by design
* Include the health check JSON endpoint in the sample UI.
* Sort entries
* Add AllowedHosts entry
* Add Logging entry (observability)
* Add TODO tags with recommendations for engineers following the examples.
* Ensure we have 2 webhook endpoints
* Ensure the UI displays the webhooks information
* Unable to find UIWebHooksApiMiddleware unit tests
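The host filtering behaviour described in the PR description (only answer requests whose Host header matches a configured list, everything else gets a 400) is easy to get wrong across build profiles because the default builder wires it up silently from the `AllowedHosts` configuration key. The following is an added example, not code from this PR or from the HealthChecks repository, showing a minimal ASP.NET Core app that binds that key explicitly, rejects requests without a Host header, redirects to HTTPS and exposes a health endpoint. It assumes an `appsettings.json` containing `"AllowedHosts": "healthchecks.example.test;localhost"`; the hostname is a constructed placeholder, and `/healthz` is an assumed route.

```csharp
// Added example (not code from the PR or the HealthChecks project).
// Assumes appsettings.json contains a semicolon-separated list such as:
//   "AllowedHosts": "healthchecks.example.test;localhost"
// "healthchecks.example.test" is a constructed placeholder hostname.
using Microsoft.AspNetCore.HostFiltering;

var builder = WebApplication.CreateBuilder(args);

// Bind the AllowedHosts key explicitly so the restriction is visible in code
// rather than relying on the defaults the web host registers behind the scenes.
// The same key is read by every build profile, so a profile-specific
// appsettings.{Environment}.json can override it without touching Program.cs.
var allowedHosts = builder.Configuration["AllowedHosts"] ?? "localhost";
builder.Services.AddHostFiltering(options =>
{
    options.AllowedHosts = allowedHosts.Split(
        ';', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
    // Reject requests that carry no Host header at all (default is to allow them).
    options.AllowEmptyHosts = false;
    // Do not echo the accepted host list back to the caller in the 400 body.
    options.IncludeFailureMessage = false;
});

builder.Services.AddHealthChecks();

var app = builder.Build();

// Host filtering runs first: a non-matching Host header yields 400 Bad Request
// before any other middleware (including HTTPS redirection) sees the request.
// Note this is unrelated to CORS, which governs browser cross-origin access.
app.UseHostFiltering();
app.UseHttpsRedirection();

// Assumed route; the health payload is served only to the allowed hosts.
app.MapHealthChecks("/healthz");

app.Run();
```

With `WebApplication.CreateBuilder` the host filtering middleware is already inserted at the start of the pipeline and populated from `AllowedHosts` when no list has been set in code; the explicit `AddHostFiltering`/`UseHostFiltering` calls above make the intent reviewable and let the stricter `AllowEmptyHosts`/`IncludeFailureMessage` settings sit next to the list they protect. Setting `AllowedHosts` to `*` disables the check, which is why a per-profile override that accidentally reintroduces the wildcard is worth a test.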