From b5e2775d913095aec03a01a441469e1e6716a1ac Mon Sep 17 00:00:00 2001 From: Benjamin Michaelis Date: Mon, 14 Apr 2025 12:32:41 -0700 Subject: [PATCH 1/6] test --- EssentialCSharp.Web/Program.cs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/EssentialCSharp.Web/Program.cs b/EssentialCSharp.Web/Program.cs index 310ed18f..7689298a 100644 --- a/EssentialCSharp.Web/Program.cs +++ b/EssentialCSharp.Web/Program.cs @@ -126,13 +126,11 @@ private static void Main(string[] args) { microsoftoptions.ClientId = configuration["authentication:microsoft:clientid"] ?? throw new InvalidOperationException("authentication:microsoft:clientid unexpectedly null"); microsoftoptions.ClientSecret = configuration["authentication:microsoft:clientsecret"] ?? throw new InvalidOperationException("authentication:microsoft:clientsecret unexpectedly null"); - microsoftoptions.CallbackPath = "/signin-microsoft"; }) .AddGitHub(o => { o.ClientId = configuration["authentication:github:clientId"] ?? throw new InvalidOperationException("github:clientId unexpectedly null"); o.ClientSecret = configuration["authentication:github:clientSecret"] ?? throw new InvalidOperationException("github:clientSecret unexpectedly null"); - o.CallbackPath = "/signin-github"; // Grants access to read a user's profile data. // https://docs.github.com/en/developers/apps/building-oauth-apps/scopes-for-oauth-apps @@ -176,8 +174,8 @@ private static void Main(string[] args) return next(context); }); - app.MapDefaultControllerRoute(); app.MapRazorPages(); + app.MapDefaultControllerRoute(); app.MapControllerRoute( name: "slug", From c478ba951ab7daba620b014e965add437df72633 Mon Sep 17 00:00:00 2001 From: Benjamin Michaelis Date: Wed, 16 Apr 2025 09:45:50 -0700 Subject: [PATCH 2/6] try another thing --- EssentialCSharp.Web/Controllers/HomeController.cs | 4 +++- EssentialCSharp.Web/Program.cs | 12 +++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/EssentialCSharp.Web/Controllers/HomeController.cs b/EssentialCSharp.Web/Controllers/HomeController.cs index 2d36d2cb..21b9d903 100644 --- a/EssentialCSharp.Web/Controllers/HomeController.cs +++ b/EssentialCSharp.Web/Controllers/HomeController.cs @@ -9,8 +9,10 @@ namespace EssentialCSharp.Web.Controllers; public class HomeController(ILogger logger, IWebHostEnvironment hostingEnvironment, ISiteMappingService siteMappingService, IHttpContextAccessor httpContextAccessor) : Controller { - public IActionResult Index(string key) + public IActionResult Index() { + string? key = Request.Path.Value?.TrimStart('/'); + // if no key (default case), then load up home page SiteMapping? siteMapping = siteMappingService.SiteMappings.Find(key); diff --git a/EssentialCSharp.Web/Program.cs b/EssentialCSharp.Web/Program.cs index 7689298a..ef518776 100644 --- a/EssentialCSharp.Web/Program.cs +++ b/EssentialCSharp.Web/Program.cs @@ -167,7 +167,7 @@ private static void Main(string[] args) app.UseAuthentication(); app.UseAuthorization(); app.UseMiddleware(); - + app.Use((context, next) => { context.Request.Scheme = "https"; @@ -175,12 +175,10 @@ private static void Main(string[] args) }); app.MapRazorPages(); - app.MapDefaultControllerRoute(); - - app.MapControllerRoute( - name: "slug", - pattern: "{*key}", - defaults: new { controller = "Home", action = "Index" }); + app.MapDefaultControllerRoute(); + + + app.MapFallbackToController("Index", "Home"); app.Run(); } From 22fb508ac879169c22c26b4be3b6c71ebc5a7a8a Mon Sep 17 00:00:00 2001 From: Benjamin Michaelis Date: Wed, 16 Apr 2025 12:48:45 -0700 Subject: [PATCH 3/6] update --- EssentialCSharp.Web/Program.cs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/EssentialCSharp.Web/Program.cs b/EssentialCSharp.Web/Program.cs index ef518776..57267bce 100644 --- a/EssentialCSharp.Web/Program.cs +++ b/EssentialCSharp.Web/Program.cs @@ -145,6 +145,11 @@ private static void Main(string[] args) }); WebApplication app = builder.Build(); + app.Use((context, next) => + { + context.Request.Scheme = "https"; + return next(context); + }); app.UseForwardedHeaders(); @@ -168,11 +173,6 @@ private static void Main(string[] args) app.UseAuthorization(); app.UseMiddleware(); - app.Use((context, next) => - { - context.Request.Scheme = "https"; - return next(context); - }); app.MapRazorPages(); app.MapDefaultControllerRoute(); From eb5f577addb20c76d4646f6dc2682087cde88044 Mon Sep 17 00:00:00 2001 From: Benjamin Michaelis Date: Thu, 17 Apr 2025 09:25:17 -0700 Subject: [PATCH 4/6] teset --- EssentialCSharp.Web/Program.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EssentialCSharp.Web/Program.cs b/EssentialCSharp.Web/Program.cs index 57267bce..90b80fa1 100644 --- a/EssentialCSharp.Web/Program.cs +++ b/EssentialCSharp.Web/Program.cs @@ -145,13 +145,13 @@ private static void Main(string[] args) }); WebApplication app = builder.Build(); + app.UseForwardedHeaders(); app.Use((context, next) => { context.Request.Scheme = "https"; return next(context); }); - app.UseForwardedHeaders(); // Configure the HTTP request pipeline. if (!app.Environment.IsDevelopment()) From 20db8fece91db97c37b52ec196f68714a4f3e006 Mon Sep 17 00:00:00 2001 From: Benjamin Michaelis Date: Thu, 17 Apr 2025 10:20:07 -0700 Subject: [PATCH 5/6] another test --- EssentialCSharp.Web/Program.cs | 37 +++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/EssentialCSharp.Web/Program.cs b/EssentialCSharp.Web/Program.cs index 90b80fa1..bb172128 100644 --- a/EssentialCSharp.Web/Program.cs +++ b/EssentialCSharp.Web/Program.cs @@ -17,7 +17,14 @@ public partial class Program { private static void Main(string[] args) { - WebApplicationBuilder builder = WebApplication.CreateBuilder(args); + WebApplicationBuilder builder = WebApplication.CreateBuilder(args); + + builder.Services.Configure(options => + { + options.ForwardedHeaders = + ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto; + }); + ConfigurationManager configuration = builder.Configuration; string connectionString = builder.Configuration.GetConnectionString("EssentialCSharpWebContextConnection") ?? throw new InvalidOperationException("Connection string 'EssentialCSharpWebContextConnection' not found."); @@ -138,29 +145,31 @@ private static void Main(string[] args) }); } - builder.Services.Configure(options => - { - options.ForwardedHeaders = - ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto; - }); - - WebApplication app = builder.Build(); - app.UseForwardedHeaders(); - app.Use((context, next) => - { - context.Request.Scheme = "https"; - return next(context); - }); + WebApplication app = builder.Build(); // Configure the HTTP request pipeline. if (!app.Environment.IsDevelopment()) { app.UseExceptionHandler("/Error"); + app.UseForwardedHeaders(); app.UseHsts(); app.UseSecurityHeadersMiddleware(new SecurityHeadersBuilder() .AddDefaultSecurePolicy()); } + else + { + app.UseDeveloperExceptionPage(); + app.UseForwardedHeaders(); + } + + //app.Use((context, next) => + //{ + // context.Request.Scheme = "https"; + // return next(context); + //}); + + app.MapHealthChecks("/healthz"); From e96833d87675bd704aac1c3755df579f7894f2ad Mon Sep 17 00:00:00 2001 From: Benjamin Michaelis Date: Thu, 17 Apr 2025 10:38:43 -0700 Subject: [PATCH 6/6] another test --- EssentialCSharp.Web/Program.cs | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/EssentialCSharp.Web/Program.cs b/EssentialCSharp.Web/Program.cs index bb172128..134c57be 100644 --- a/EssentialCSharp.Web/Program.cs +++ b/EssentialCSharp.Web/Program.cs @@ -23,6 +23,12 @@ private static void Main(string[] args) { options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto; + + // Only loopback proxies are allowed by default. + // Clear that restriction because forwarders are enabled by explicit + // configuration. + options.KnownNetworks.Clear(); + options.KnownProxies.Clear(); }); ConfigurationManager configuration = builder.Configuration; @@ -161,15 +167,7 @@ private static void Main(string[] args) { app.UseDeveloperExceptionPage(); app.UseForwardedHeaders(); - } - - //app.Use((context, next) => - //{ - // context.Request.Scheme = "https"; - // return next(context); - //}); - - + } app.MapHealthChecks("/healthz"); @@ -186,7 +184,6 @@ private static void Main(string[] args) app.MapRazorPages(); app.MapDefaultControllerRoute(); - app.MapFallbackToController("Index", "Home"); app.Run();