secure-web-apps
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 0 deletions b/‎.gitignore‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 10 additions & 8 deletions b/‎README.md‎
Lines changed: 10 additions & 8 deletions
diff --git a/‎server/BffMicrosoftEntraID.Server.csproj‎
Lines changed: 1 addition & 0 deletions b/‎server/BffMicrosoftEntraID.Server.csproj‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎server/Program.cs‎
Lines changed: 3 additions & 0 deletions b/‎server/Program.cs‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎server/appsettings.Development.json‎
Lines changed: 6 additions & 0 deletions b/‎server/appsettings.Development.json‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎server/wwwroot/3rdpartylicenses.txt‎
Lines changed: 0 additions & 241 deletions b/‎server/wwwroot/3rdpartylicenses.txt‎
Lines changed: 0 additions & 241 deletions
diff --git a/‎server/wwwroot/favicon.ico‎
-14.7 KB b/‎server/wwwroot/favicon.ico‎
-14.7 KB
diff --git a/‎server/wwwroot/index.html‎
Lines changed: 0 additions & 18 deletions b/‎server/wwwroot/index.html‎
Lines changed: 0 additions & 18 deletions
diff --git a/‎server/wwwroot/main.7d0ccd34d078f27e.js‎
Lines changed: 0 additions & 1 deletion b/‎server/wwwroot/main.7d0ccd34d078f27e.js‎
Lines changed: 0 additions & 1 deletion
@@ -403,3 +403,6 @@ FodyWeavers.xsd
 # .tfstate files
 *.tfstate
 *.tfstate.*
+
+# wwwroot (as it gets recreated on every npm run build)
+**/wwwroot/*
@@ -73,6 +73,8 @@ For local development environment setup proceed as follows:
 - What's missing for a production setup?
   - Authorization
   - Data requirements
+  - Update of `ui\public\.well-known\security.txt`
+  - Make use of Azure Key Vault for secrets management
 
 ## Angular CLI Updates
 
@@ -86,15 +88,15 @@ ng update @angular/cli @angular/core
 
 ## History
 
-- 2024-10-06 Angular 18.2.7, updated security headers
-- 2024-10-17 Updated security headers performance, updated packages
-- 2025-01-01 .NET 9, Angular 19
-- 2025-08-30 Angular 20, updated packages
-- 2025-10-27 Updated NuGet packages
-- 2025-10-28 Updated frontend packages, added integration tests, added GitHub Actions workflows
-- 2025-10-30 Fixed deployment to Azure App Service, reverted Angular due to CSP nonce issues
 - 2025-10-31 Updated to Angular CLI and Angular 20.3.0, using vite in dev
-- 2025-10-31 Updated packages, added terraform, sonar SCA, SAST, improved GitHub Actions workflows
+- 2025-10-30 Fixed deployment to Azure App Service, reverted Angular due to CSP nonce issues
+- 2025-10-29 Added terraform, sonar SCA, SAST, improved GitHub Actions workflows
+- 2025-10-28 Updated frontend packages, added integration tests, added GitHub Actions workflows
+- 2025-10-27 Updated NuGet packages
+- 2025-08-30 Angular 20, updated packages
+- 2025-01-01 .NET 9, Angular 19
+- 2024-10-17 Updated security headers performance, updated packages
+- 2024-10-06 Angular 18.2.7, updated security headers
 
 ## Links
 
 
@@ -23,6 +23,7 @@
 	<ItemGroup>
 		<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="9.0.10" NoWarn="NU1605" />
 		<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="9.0.10" />
+		<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.10" />
 		<PackageReference Include="Microsoft.Identity.Web.GraphServiceClient" Version="4.0.1" />
 		<PackageReference Include="Microsoft.Identity.Web" Version="4.0.1" />
 		<PackageReference Include="Microsoft.Identity.Web.UI" Version="4.0.1" />
 
@@ -11,6 +11,8 @@
     serverOptions.AddServerHeader = false;
 });
 
+builder.Services.AddOpenApi();
+
 var services = builder.Services;
 var configuration = builder.Configuration;
 
@@ -77,6 +79,7 @@
 
     app.UseDeveloperExceptionPage();
     app.UseWebAssemblyDebugging();
+    app.MapOpenApi();
 }
 else
 {
 
@@ -68,6 +68,12 @@
         "Match": {
           "Path": "/{nomatterwhat}.js.map"
         }
+      },
+      "wellknown": {
+        "ClusterId": "cluster1",
+        "Match": {
+          "Path": ".well-known/{**catch-all}"
+        }
       }
     },
     "Clusters": {
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,8 @@`
`11`	`11`	`serverOptions.AddServerHeader = false;`
`12`	`12`	`});`
`13`	`13`
	`14`	`+builder.Services.AddOpenApi();`
	`15`	`+`
`14`	`16`	`var services = builder.Services;`
`15`	`17`	`var configuration = builder.Configuration;`
`16`	`18`
`@@ -77,6 +79,7 @@`
`77`	`79`
`78`	`80`	`app.UseDeveloperExceptionPage();`
`79`	`81`	`app.UseWebAssemblyDebugging();`
	`82`	`+ app.MapOpenApi();`
`80`	`83`	`}`
`81`	`84`	`else`
`82`	`85`	`{`
Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,12 @@`
`68`	`68`	`"Match": {`
`69`	`69`	`"Path": "/{nomatterwhat}.js.map"`
`70`	`70`	`}`
	`71`	`+ },`
	`72`	`+ "wellknown": {`
	`73`	`+ "ClusterId": "cluster1",`
	`74`	`+ "Match": {`
	`75`	`+ "Path": ".well-known/{**catch-all}"`
	`76`	`+ }`
`71`	`77`	`}`
`72`	`78`	`},`
`73`	`79`	`"Clusters": {`