Code Quality: Fix ASP0019 warnings by replacing Headers.Add with Headers.Append (#21260)

Use Append for response headers

- Replaces Add with Append when adding response headers to conform to IHeaderDictionary usage.
- Applies across unauthorized handling, redirects, and custom header signaling.
- Updates tests to use Append consistently.
- Removes ASP0019 from warnings in project configs to reflect new approach.

Author: readingdancer

src/Umbraco.Cms.Api.Delivery/Controllers/Content/ByRouteContentApiController.cs

@@ -99,8 +99,8 @@ private async Task<IActionResult> HandleRequest(string path)
 
     private IActionResult RedirectTo(IApiContentRoute redirectRoute)
     {
-        Response.Headers.Add("Location-Start-Item-Path", redirectRoute.StartItem.Path);
-        Response.Headers.Add("Location-Start-Item-Id", redirectRoute.StartItem.Id.ToString("D"));
+        Response.Headers.Append("Location-Start-Item-Path", redirectRoute.StartItem.Path);
+        Response.Headers.Append("Location-Start-Item-Id", redirectRoute.StartItem.Id.ToString("D"));
         return RedirectPermanent(redirectRoute.Path);
     }
 }

src/Umbraco.Cms.Api.Delivery/Umbraco.Cms.Api.Delivery.csproj

@@ -7,10 +7,9 @@
   <PropertyGroup>
     <!--
       TODO: Fix and remove overrides:
-      [ASP0019] use IHeaderDictionary.Append or the indexer to append or set headers
       [CS0618/CS0612] update obsolete references
     -->
-    <WarningsNotAsErrors>$(WarningsNotAsErrors),ASP0019,CS0618,CS0612</WarningsNotAsErrors>
+    <WarningsNotAsErrors>$(WarningsNotAsErrors),CS0618,CS0612</WarningsNotAsErrors>
   </PropertyGroup>
 
   <ItemGroup>

src/Umbraco.Web.Common/Filters/ModelBindingExceptionAttribute.cs

@@ -1,5 +1,6 @@
 using System.Net;
 using System.Text.RegularExpressions;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
@@ -56,7 +57,7 @@ public void OnException(ExceptionContext filterContext)
                 && (filterContext.Exception is ModelBindingException || filterContext.Exception is InvalidCastException)
                 && IsMessageAboutTheSameModelType(filterContext.Exception.Message))
             {
-                filterContext.HttpContext.Response.Headers.Add(HttpResponseHeader.RetryAfter.ToString(), "1");
+                filterContext.HttpContext.Response.Headers.Append(HttpResponseHeader.RetryAfter.ToString(), "1");
                 filterContext.Result = new RedirectResult(filterContext.HttpContext.Request.GetEncodedUrl(), false);
 
                 filterContext.ExceptionHandled = true;

src/Umbraco.Web.Common/Filters/UmbracoUserTimeoutFilterAttribute.cs

@@ -1,4 +1,5 @@
 using System.Globalization;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
 using Umbraco.Extensions;
@@ -28,7 +29,7 @@ public void OnActionExecuted(ActionExecutedContext context)
             }
 
             var remainingSeconds = context.HttpContext.User.GetRemainingAuthSeconds();
-            context.HttpContext.Response.Headers.Add(
+            context.HttpContext.Response.Headers.Append(
                 "X-Umb-User-Seconds",
                 remainingSeconds.ToString(CultureInfo.InvariantCulture));
         }

src/Umbraco.Web.Common/Umbraco.Web.Common.csproj

@@ -12,14 +12,13 @@
       [SA1117] params all on same line
       [SA1401] make fields private
       [SA1134] own line attributes
-      [ASP0019] use IHeaderDictionary.Append or the indexer to append or set headers
       [CS0618]/[SYSLIB0051] adjust obsolete references
       [IDE0040]/[SA1400] access modifiers
       [SA1405] Debug assert message text
       [CS0419]/[CS1574] cref ambiguities
       [SA1649] file name match type
     -->
-    <WarningsNotAsErrors>$(WarningsNotAsErrors),SA1117,SA1401,SA1134,ASP0019,CS0618,SYSLIB0051,IDE0040,SA1400,SA1405,CS0419,CS1574,SA1649</WarningsNotAsErrors>
+    <WarningsNotAsErrors>$(WarningsNotAsErrors),SA1117,SA1401,SA1134,CS0618,SYSLIB0051,IDE0040,SA1400,SA1405,CS0419,CS1574,SA1649</WarningsNotAsErrors>
   </PropertyGroup>
 
   <ItemGroup>

src/Umbraco.Web.Website/Middleware/BasicAuthenticationMiddleware.cs

@@ -106,7 +106,7 @@ private void HandleUnauthorized(HttpContext context)
         else
         {
             context.Response.StatusCode = 401;
-            context.Response.Headers.Add("WWW-Authenticate", "Basic realm=\"Umbraco login\"");
+            context.Response.Headers.Append("WWW-Authenticate", "Basic realm=\"Umbraco login\"");
         }
     }
 }

src/Umbraco.Web.Website/Umbraco.Web.Website.csproj

@@ -9,13 +9,12 @@
   <PropertyGroup>
     <!--
       TODO: Fix and remove overrides:
-      [ASP0019] use IHeaderDictionary.Append or the indexer to append or set headers
       [CS0618] handle member obsolete appropriately
       [SA1401] make fields private
       [SA1649] update file name
       [IDE1006] fix naming rule violation
     -->
-    <WarningsNotAsErrors>$(WarningsNotAsErrors),ASP0019,CS0618,SA1401,SA1649,IDE1006</WarningsNotAsErrors>
+    <WarningsNotAsErrors>$(WarningsNotAsErrors),CS0618,SA1401,SA1649,IDE1006</WarningsNotAsErrors>
   </PropertyGroup>
 
   <ItemGroup>

tests/Umbraco.Tests.UnitTests/Umbraco.Tests.UnitTests.csproj

@@ -17,15 +17,14 @@
       [SA1401] fields must be private
       [SA1405] debug message text
       [IDE0060] remove parameter
-      [ASP0019] header append
       [CS0114] inherited member
       [CS0661]/[CS0659] adjust overrides
       [CS0414] unassigned field
       [CS0252] confirm reference comparison
       [CS0612] obsolete
       [IDE1006] fix naming rule violation
     -->
-    <WarningsNotAsErrors>$(WarningsNotAsErrors),SYSLIB0013,CS0618,CS1998,SA1117,CS0067,CA1822,CA1416,IDE0028,SA1401,SA1405,IDE0060,ASP0019,CS0114,CS0661,CS0659,CS0414,CS0252,CS0612,IDE1006</WarningsNotAsErrors>
+    <WarningsNotAsErrors>$(WarningsNotAsErrors),SYSLIB0013,CS0618,CS1998,SA1117,CS0067,CA1822,CA1416,IDE0028,SA1401,SA1405,IDE0060,CS0114,CS0661,CS0659,CS0414,CS0252,CS0612,IDE1006</WarningsNotAsErrors>
   </PropertyGroup>
 
   <ItemGroup>

tests/Umbraco.Tests.UnitTests/Umbraco.Web.Common/Extensions/HttpContextExtensionTests.cs

@@ -29,7 +29,7 @@ public void TryGetBasicAuthCredentials_WithHeader_ReturnsTrueWithCredentials()
 
         var httpContext = new DefaultHttpContext();
         var credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes($"{testUsername}:{testPassword}"));
-        httpContext.Request.Headers.Add("Authorization", $"Basic {credentials}");
+        httpContext.Request.Headers.Append("Authorization", $"Basic {credentials}");
 
         var result = httpContext.TryGetBasicAuthCredentials(out var username, out var password);
 

tests/Umbraco.Tests.UnitTests/Umbraco.Web.Common/ModelBinders/HttpQueryStringModelBinderTests.cs

@@ -74,7 +74,7 @@ private ModelBindingContext CreateBindingContext(string querystring)
     {
         var httpContext = new DefaultHttpContext();
         httpContext.Request.QueryString = new QueryString(querystring);
-        httpContext.Request.Headers.Add("X-UMB-CULTURE", new StringValues("en-gb"));
+        httpContext.Request.Headers.Append("X-UMB-CULTURE", new StringValues("en-gb"));
         var routeData = new RouteData();
         var actionContext = new ActionContext(httpContext, routeData, new ActionDescriptor());
         var metadataProvider = new EmptyModelMetadataProvider();