Merge branch 'main' into ui-builder-generoc

Author: eshanrnh

13/umbraco-cms/reference/content-delivery-api/protected-content-in-the-delivery-api.md

@@ -382,6 +382,28 @@ To terminate the active session for any given member, you must redirect the brow
 GET /umbraco/delivery/api/v1/security/member/signout?post_logout_redirect_uri={valid URL from LogoutRedirectUrls}
 ```
 
+### User info
+
+The "user info" endpoint is part of the [OpenId Connect core spec](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo).
+
+This implementation returns a few of the [standard claims](https://openid.net/specs/openid-connect-basic-1_0.html#StandardClaims), all of which are subject of availability:
+
+- `sub` (required claim)
+- `name` (if available)
+- `email` (if available)
+
+On top of this, the member groups (if any) are returned in the role claim.
+
+The implementation is build to be extendable, so custom claims can be added to these claims - and the core claims can be removed, too.
+
+```http
+GET /umbraco/delivery/api/v1/security/member/userinfo
+```
+
+{% hint style="info" %}
+This was introduced in Umbraco 13.6.0.
+{% endhint %}
+
 ## Testing with Swagger
 
 The Delivery API Swagger document can be configured to support member authentication.

13/umbraco-cms/reference/webhooks/README.md

@@ -72,7 +72,7 @@ however, the `Content deleted` does not send the entire content as JSON, instead
 By default, webhook requests will include 3 headers
 - `user-agent: Umbraco-Cms/{version}`, where version is the current version of Umbraco.
 - `umb-webhook-retrycount: {number of retries}`, where number of retries, is the current retry count for a given webhook request.
-- `umb-webhook-event: {Umbraco.event}`, where event is the event that triggered the request, for example for Content published: `umb-webhook-event: Umbraco.ContentUnpublish`
+- `umb-webhook-event: {Umbraco.event}`, where event is the event that triggered the request, for example for Content published: `umb-webhook-event: Umbraco.ContentPublish`
 
 # Configuring Webhooks
 

13/umbraco-engage/SUMMARY.md

@@ -28,6 +28,7 @@
   * [Load Balancing and CM/CD Environments](getting-started/for-developers/loadbalancing-and-cm-cd-environments.md)
   * [Content Delivery Network recommendations](getting-started/for-developers/content-delivery-network-recommendations.md)
   * [Cockpit](getting-started/for-developers/cockpit.md)
+  * [Content Security Policy nonce configuration](getting-started/for-developers/content-security-policy-nonce-configuration.md)
   * [Troubleshooting installations](getting-started/for-developers/troubleshooting-installations.md)
 
 ## Marketers and Editors

13/umbraco-engage/getting-started/for-developers/README.md

@@ -23,3 +23,7 @@ Explore recommended CDN options to improve content delivery speeds.
 ## [Cockpit](cockpit.md)
 
 View with the technical aspects of the Cockpit for managing marketing features within Umbraco Engage.
+
+## [Content Security Policy (CSP) Nonce Configuration](./#csp-nonce-configuration)
+
+Configure a nonce to be used by Engage scripts & styles for your content security policy.

13/umbraco-engage/getting-started/for-developers/content-security-policy-nonce-configuration.md

@@ -0,0 +1,57 @@
+---
+description: >-
+  In this section, you will learn how to add a Content Security Policy (CSP)
+  nonce to scripts & styles injected by Engage.
+---
+
+# Content Security Policy nonce configuration
+
+Engage automatically injects different scripts and styles into the returned HTML when requesting content. It also adds the option to set a nonce for the duration of a request to be picked up and added to said scripts and styles. This can be used when a CSP requires a nonce for scripts. 
+
+{% hint style="info" %}
+This feature has been added in version 13.3.0+ of Engage.
+{% endhint %}
+
+## How to set a nonce
+
+Because a nonce should only be used once, it must be set in a location that gives control for individual requests. This could be in a Render Controller Action or a Service with lifetime Scoped or Transient. The following steps use a Render Controller to set a nonce.
+
+1. Get an instance of `IContentInjectionSecurityService` from the `Umbraco.Engage.Infrastructure.Common.Security` namespace into your controller using dependency injection. 
+2. Call the `.SetNonceForCurrentRequest("Your-Nonce-Here")` method before rendering content.
+3. Proceed as you to return content.
+
+```csharp
+public class HomeController : RenderController
+{
+    private readonly IContentInjectionSecurityService _contentInjectionSecurityService;
+
+    public HomeController(
+        ILogger<RenderController> logger,
+        ICompositeViewEngine compositeViewEngine,
+        IUmbracoContextAccessor umbracoContextAccessor,
+        IContentInjectionSecurityService contentInjectionSecurityService) : base(logger, compositeViewEngine, umbracoContextAccessor)
+    {
+        _contentInjectionSecurityService = contentInjectionSecurityService;
+    }
+    
+    public IActionResult Home()
+    {
+        _contentInjectionSecurityService.SetNonceForCurrentRequest("Your-Nonce-Here");
+        return base.Index();
+    }
+}
+```
+
+## Usage
+
+When a nonce is present for the current request, it will be added to the following locations:
+
+* The bot detection (ping) script within the Head tag.
+* The client-side analytics initializer script within the Body tag.
+* The cockpit scripts (only if the cockpit partial is added).
+* Any applied Personalization that makes use of CSS or Javascript.
+
+{% hint style="warning" %}
+Engage does not modify the existing CSP and doesn't set a nonce to scripts and styles added without Engage.
+{% endhint %}
+

14/umbraco-cms/.gitbook.yaml

@@ -130,3 +130,4 @@ redirects:
     fundamentals/backoffice/property-editors/built-in-umbraco-property-editors/block-editor/label-property-configuration: reference/umbraco-flavored-markdown.md
     customizing/property-editors/build-a-block-editor: fundamentals/backoffice/property-editors/built-in-umbraco-property-editors/block-editor/README.md
     tutorials/creating-and-distributing-a-package: extending/packages/creating-a-package.md
+    fundamentals/design/templates/named-sections: fundamentals/design/templates/README.md

14/umbraco-cms/SUMMARY.md

@@ -103,7 +103,6 @@
 * [Design](fundamentals/design/README.md)
   * [Templates](fundamentals/design/templates/README.md)
     * [Basic Razor Syntax](fundamentals/design/templates/basic-razor-syntax.md)
-    * [Named Sections](fundamentals/design/templates/named-sections.md)
     * [Razor Cheatsheet](fundamentals/design/templates/razor-cheatsheet.md)
   * [Rendering Content](fundamentals/design/rendering-content.md)
   * [Rendering Media](fundamentals/design/rendering-media.md)

14/umbraco-cms/fundamentals/design/templates/README.md

@@ -1,32 +1,46 @@
 ---
-description: Templating in Umbraco including inheriting from master template
+description: Templating in Umbraco builds on the concept of Razor Views from ASP.NET MVC.
 ---
 
 # Templates
 
-_Templating in Umbraco builds on the concept of Razor Views from ASP.NET MVC - if you already know this, then you are ready to create your first template - if not, this is a quick and handy guide._
+Templates are the files that control the look and feel of the frontend of your Umbraco websites. Building on the concept of MVC Razor Views, template files enable you to structure your websites using HTML, CSS, and JavaScript. When tied to a Document Type, templates are used to render your Umbraco content on the frontend.
 
-## Creating your first Template
+You can manage and work with your templates directly from the Settings section in the Umbraco backoffice. Each Template can also be found as a `cshtml` file in the `Views` folder in your project directory.
 
-By default, all document types should have a template attached - but in case you need an alternative template or a new one, you can create one:
+## Creating Templates
+
+When building an Umbraco website you can automatically generate Templates when you create a new Document Type. This will ensure the connection between the two and you can jump straight from defining the content to structuring it.
+
+Choose the option called **[Document Type with Template](../../data/defining-content/README.md)** when you create a new Document Type to automatically create a Template as well.
+
+In some cases, you might want to create independent Templates that don't have a direct connection to a Document Type. You can follow the steps below to create a new blank Template:
 
 1. Go to the **Settings** section inside the Umbraco backoffice.
 2. Click **...** next to the **Templates** folder.
 3. Choose **Create**.
 4. Enter a template name.
-5. Click the **Save** button. You will now see the default template markup in the backoffice template editor.
+5. Click the **Save** button.
+
+You will now see the default template markup in the backoffice template editor.
 
 ![Created template](images/create-template.png)
 
 ## Allowing a Template on a Document Type
 
-To use a template on a document, you must first allow it on the content's type. Open the Document Type you want to use the template, go to the Templates tab and select the template under the **Allowed Templates** section.
+To use a Template on your content, you must first allow it on the content Document Type.
+
+1. Open the Document Type you want to use the template.
+2. Open the **Templates** Workspace View.
+3. Select your Template under the **Allowed Templates** section.
 
 ![Allowing template](images/allow-template.png)
 
-## Inheriting a Master Template
+## Inheriting a Template
+
+A Template can inherit content from a "Master Template". This is done by using the ASP.NET views Layout feature.
 
-A template can inherit content from a master template by using the ASP.NET views Layout feature. Let's say we have a template called **MasterView**, containing the following HTML:
+Let's say you have a Template called **MainView**, containing the following HTML:
 
 ```csharp
 @inherits Umbraco.Cms.Web.Common.Views.UmbracoViewPage
@@ -42,21 +56,34 @@ A template can inherit content from a master template by using the ASP.NET views
 </html>
 ```
 
-We then create a new template called **textpage** and in the template editor, click on the **Master Template** button and set its master template to the template called **MasterView**:
+This file contains the structural HTML tags for your website.
+
+By using the Template as the "Master Template" on your other Templates, you can ensure that they inherit the same structural HTML.
+
+Follow these steps to use a Template file as a Master Template:
+
+1. Open one of your Template files.
+2. Select the **Master template: No master** button above the editor.
+3. Select the Template that should be defined as the Master Template.
+4. Click **Choose**.
 
 ![Inherit template](images/inherit-template.png)
 
-This changes the `Layout`value in the template markup, so **textpage** looks like this:
+Alternatively, you can manually change the value of the `Layout` variable in the Template using the name of the Template file.
+
+The updated markup will look something like the snippet below and the Template is now referred to as a *Child Template*:
 
 ```csharp
 @inherits Umbraco.Web.Mvc.UmbracoViewPage
 @{
-    Layout = "MasterView.cshtml";
+    Layout = "MainView.cshtml";
 }
 <p>My content</p>
 ```
 
-When a page using the textpage template renders, the final HTML will be merged replacing the `@renderBody()` placeholder, and produce the following:
+When a page that uses a Template with a Master Template defined is rendered, the HTML of the two templates is merged.
+
+The code from the Template replaces the `@RenderBody()` tag in the Master Template. Following the examples above, the final HTML will look like the code in the snippet below:
 
 ```csharp
 @inherits Umbraco.Web.Mvc.UmbracoViewPage
@@ -72,17 +99,39 @@ When a page using the textpage template renders, the final HTML will be merged r
 </html>
 ```
 
-## Template Sections
+## Named Sections
+
+Template Sections give you added flexibility when building your templates. Use the Template Section together with a Master Template setup, to decide where sections of content are placed.
 
-What's good to know, is that you are not limited to a single section. Template sections allow child templates that inherit the master layout template to insert HTML code up into the main layout template. For example, a child template inserting code into the `<head>` tag of the master template.
+If a Child Template needs to add code to the `<head>` tag a Section must be defined and then used in the Master Template. This is made possible by [Named Sections](https://www.youtube.com/watch?v=lrnJwglbGUA).
 
-You can do this by using [named sections](https://www.youtube.com/watch?v=lrnJwglbGUA). Add named sections to your master template with the following code:
+The following steps will guide you through defining and using a Named Section:
+
+1. Open your Template.
+2. Select the **Sections** option.
+3. Choose **Define a named section**.
+4. Give the section a name and click **Submit**.
+
+![Define a named section by giving it a name](images/defined-named-section.png)
+
+The following code will be added to your Template:
 
 ```csharp
-@RenderSection("SectionName")
+@section SectionName {
+    
+}
 ```
 
-For instance, if you want to be able to add HTML to your `<head>` tags write:
+5. Add your code between the curly brackets.
+6. Save the changes.
+7. Open the Master Template.
+8. Choose a spot for the section and set the cursor there.
+9. Select the **Sections** option.
+10. Choose **Render a named section**.
+11. Enter the name of the section you want to add.
+12. Click **Submit**.
+
+For instance, if you want to be able to add HTML to your `<head>` tags, you would add the tag there:
 
 ```csharp
 @inherits Umbraco.Web.Mvc.UmbracoViewPage
@@ -93,39 +142,32 @@ For instance, if you want to be able to add HTML to your `<head>` tags write:
 <html>
     <head>
         <title>Title</title>
-        @RenderSection("Head")
+        @RenderSection("SectionName", false)
     </head>
 
     <body>
     </body>
 </html>
 ```
 
-By default, when rendering a named section, the section is not mandatory. To make the section mandatory, add `true` or enable **Section is mandatory** field in the **Sections** option.
+You can decide whether a section should be mandatory or not. Making a section mandatory means that any template using the Master Template is required to have the section defined.
 
-```csharp
-@RenderSection("Head", true)
-```
+{% hint style="info" %}
+Keep in mind that whenever a mandatory named section is missing, it will result in errors on your website.
+{% endhint %}
 
-![Create partial](../../../../../10/umbraco-cms/fundamentals/design/templates/images/render-named-sections-v10.png)
+To make the section mandatory, you have two options:
 
-On your child page template call `@section Head {}` and then type your markup that will be pushed into the Master Template:
+* Add `true` to the code tag: `@RenderSection("SectionName", true)`.
+* Check the **Section is mandatory** field when using the **Sections** dialog in the backoffice.
 
-```csharp
-@section Head {
-    <style>
-        body {
-            background: #ff0000;
-        }
-    </style>
-}
-```
+![Create partial](images/render-named-section-mandatory.png)
 
 ## Injecting Partial Views
 
 Another way to reuse HTML is to use partial views - which are small reusable views that can be injected into another view.
 
-Like templates, create a partial view, by clicking **...** next to the **Partial Views** folder and selecting **Create**. You can then either create an empty partial view or create a partial view from a snippet.
+Like templates, you can create a partial view, by clicking **...** next to the **Partial Views** folder and selecting **Create**. You can then either create an empty partial view or a partial view from a snippet.
 
 ![Create partial](images/create-partial.png)
 
@@ -150,9 +192,3 @@ The created partial view can now be injected into any template by using the `@Ht
 ### Tutorials
 
 * [Creating a basic website with Umbraco](../../../tutorials/creating-a-basic-website/)
-
-### Umbraco Learning Base
-
-{% embed url="https://www.youtube.com/playlist?ab_channel=UmbracoLearningBase&list=PLgX62vUaGZsFmzmm4iFKeL41CZ5YFw09z" %}
-Playlist: Templates in Umbraco
-{% endembed %}