
Commit 6da26c2

Merge pull request #22 from secure-web-apps/feature/improvements
Move permissions from workflow level to job level - Update Aspire to 13.1.2 - Update xunit to xunit.v3
2 parents d9decd0 + dd09a68 commit 6da26c2

9 files changed

Lines changed: 320 additions & 332 deletions


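--- a/.github/workflows/deploy-to-azure.yml
+++ b/.github/workflows/deploy-to-azure.yml
@@ -9,10 +9,6 @@ concurrency:
 group: deploy-to-azure
 cancel-in-progress: false
 
-permissions:
-id-token: write
-contents: read
-
 env:
 AZURE_WEBAPP_NAME: e2e-security-web-appsrv-dev # set this to the name of your Azure App Service
 AZURE_WEBAPP_PACKAGE_PATH: "."
@@ -24,6 +20,10 @@ jobs:
 build:
 runs-on: ubuntu-latest
 
+permissions:
+contents: read
+id-token: write
+
 steps:
 - uses: actions/checkout@v4
 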
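Review bot: With the workflow-level `permissions:` block removed (old lines 12–14), only the `build` job declares its token scope. Any other job in this workflow (none is visible in this section) would fall back to the repository or organisation default for GITHUB_TOKEN, which can be broader than read-only. Keeping a deny-by-default `permissions: {}` at workflow level next to the per-job block closes that gap. The job-level block would also benefit from a comment stating why the grant is there, e.g. `# id-token: write lets the job request an OIDC token (presumably for the Azure login step)`, since every step in `build` inherits it.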

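--- a/Bff.AppHost/AppHost.cs
+++ b/Bff.AppHost/AppHost.cs
@@ -4,7 +4,7 @@
 
 if (builder.Environment.IsDevelopment())
 {
-var angularFrontend = builder.AddNpmApp("angular", "../ui", "start")
+var angularFrontend = builder.AddJavaScriptApp("angular", "../ui", "start")
 .WithHttpsEndpoint(port: 3000, 4201, env: "BASE_URL");
 
 builder.AddProject<Projects.BffMicrosoftEntraID_Server>("bffmicrosoftentraid-server")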

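--- a/Bff.AppHost/Bff.AppHost.csproj
+++ b/Bff.AppHost/Bff.AppHost.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Aspire.AppHost.Sdk/13.0.0">
+<Project Sdk="Aspire.AppHost.Sdk/13.1.2">
 
 <PropertyGroup>
 <OutputType>Exe</OutputType>
@@ -9,7 +9,7 @@
 </PropertyGroup>
 
 <ItemGroup>
-<PackageReference Include="Aspire.Hosting.NodeJs" Version="9.5.2" />
+<PackageReference Include="Aspire.Hosting.JavaScript" Version="13.1.2" />
 </ItemGroup>
 
 <ItemGroup>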

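--- a/README.md
+++ b/README.md
@@ -88,6 +88,7 @@ ng update @angular/cli @angular/core
 
 ## History
 
+- 2026-03-18 Updated .NET Aspire to 13.1.2, updated xunit to xunit.v3, moved permissions from workflow level to job level, updated npm packages
 - 2026-03-14 Updated Nuget packages
 - 2026-02-24 Updated Nuget packages, Angular 21
 - 2025-12-07 Updated to .NET 10 and Angular 21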

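--- a/server/Security/DefaultSecurityHeadersDefinitions.cs
+++ b/server/Security/DefaultSecurityHeadersDefinitions.cs
@@ -34,14 +34,20 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, strin
 
 if (isDev)
 {
-builder.AddStyleSrc().Self().UnsafeInline();
+builder.AddStyleSrc()
+.Self()
+.UnsafeInline();
 }
 else
 {
-builder.AddStyleSrc().WithNonce().UnsafeInline();
+builder.AddStyleSrc()
+.WithNonce()
+.UnsafeInline();
 }
 
-builder.AddScriptSrc().WithNonce().UnsafeInline();
+builder.AddScriptSrc()
+.WithNonce()
+.UnsafeInline(); // for browser backward compatibility
 })
 .RemoveServerHeader()
 .AddPermissionsPolicyWithDefaultSecureDirectives();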
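Review bot: The new comment on `.UnsafeInline()` for script-src (new line 50) does not say why the keyword is acceptable next to a nonce, and the production style-src chain at new lines 43–45 uses the same pattern with no comment at all. Browsers implementing CSP Level 2 or later ignore 'unsafe-inline' once a nonce is present in the directive, so it only takes effect in older browsers, where it permits any inline script or style. I would spell that out, e.g. `// 'unsafe-inline' is ignored by CSP2+ browsers when a nonce is present; it only applies as a fallback in older browsers`, and repeat it on the non-dev style-src branch. GetHeaderPolicyCollection starts and ends outside this hunk.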

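--- a/tests/BffMicrosoftEntraID.Server.IntegrationTests.csproj
+++ b/tests/BffMicrosoftEntraID.Server.IntegrationTests.csproj
@@ -8,13 +8,13 @@
 </PropertyGroup>
 
 <ItemGroup>
-<PackageReference Include="coverlet.collector" Version="8.0.0">
+<PackageReference Include="coverlet.collector" Version="8.0.1">
 <PrivateAssets>all</PrivateAssets>
 <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 </PackageReference>
 <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="10.0.5" />
 <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.3.0" />
-<PackageReference Include="xunit" Version="2.9.3" />
+<PackageReference Include="xunit.v3" Version="3.2.2" />
 <PackageReference Include="xunit.runner.visualstudio" Version="3.1.5">
 <PrivateAssets>all</PrivateAssets>
 <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>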

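--- a/tests/UserEndpointsTests.cs
+++ b/tests/UserEndpointsTests.cs
@@ -19,11 +19,11 @@ public async Task Get_AsUnauthenticatedUser_ReturnsAnonymousUserInfo()
 var client = _factory.CreateClient();
 
 // Act
-var response = await client.GetAsync("/api/user");
+var response = await client.GetAsync("/api/user", TestContext.Current.CancellationToken);
 
 // Assert
 response.EnsureSuccessStatusCode();
-var userInfo = await response.Content.ReadFromJsonAsync<Models.UserInfo>();
+var userInfo = await response.Content.ReadFromJsonAsync<Models.UserInfo>(cancellationToken: TestContext.Current.CancellationToken);
 Assert.NotNull(userInfo);
 Assert.False(userInfo!.IsAuthenticated);
 }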
