// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IDasBlogSettings dasBlogSettings)
{
(var siteOk, var siteError) = RepairSite(app);
if (env.IsDevelopment() || env.IsStaging())
{
app.UseDeveloperExceptionPage();
//app.UseBrowserLink();
}
else
{
app.UseExceptionHandler("/home/error");
}
if (env.IsStaging() || env.IsProduction())
{
app.UseHsts(options => options.MaxAge(days: 30));
}
if (!siteOk)
{
app.Run(async context => await context.Response.WriteAsync(siteError));
return;
}
var options = new RewriteOptions()
.AddIISUrlRewrite(env.ContentRootFileProvider, IISUrlRewriteConfigPath);
app.UseRewriter(options);
app.UseRouting();
//if you've configured it at /blog or /whatever, set that pathbase so ~ will generate correctly
var rootUri = new Uri(dasBlogSettings.SiteConfiguration.Root);
var path = rootUri.AbsolutePath;
//Deal with path base and proxies that change the request path
if (path != "/")
{
app.Use((context, next) =>
{
context.Request.PathBase = new PathString(path);
return(next.Invoke());
});
}
app.UseForwardedHeaders();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseStaticFiles(new StaticFileOptions()
{
FileProvider = new PhysicalFileProvider(BinariesPath),
RequestPath = string.Format("/{0}", BinariesUrlRelativePath)
});
app.UseStaticFiles(new StaticFileOptions
{
FileProvider = new PhysicalFileProvider(Path.Combine(env.ContentRootPath, "Themes")),
RequestPath = "/theme"
});
app.UseAuthentication();
app.Use(PopulateThreadCurrentPrincipalForMvc);
app.UseRouting();
app.UseAuthorization();
app.UseXContentTypeOptions();
app.UseXXssProtection(options => options.EnabledWithBlockMode());
app.UseXfo(options => options.SameOrigin());
app.UseReferrerPolicy(opts => opts.NoReferrerWhenDowngrade());
if (SecurityStyleSources != null && SecurityScriptSources != null)
{
app.UseCsp(options => options
.DefaultSources(s => s.Self()
.CustomSources("data:")
.CustomSources("https:"))
.StyleSources(s => s.Self()
.CustomSources(SecurityStyleSources)
.UnsafeInline()
)
.ScriptSources(s => s.Self()
.CustomSources(SecurityScriptSources)
.UnsafeInline()
.UnsafeEval()
)
);
}
app.Use(async(context, next) =>
{
context.Response.Headers.Add("Feature-Policy", "geolocation 'none';midi 'none';notifications 'none';push 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker 'self';vibrate 'none';fullscreen 'self';payment 'none';");
await next.Invoke();
});
app.UseLoggingAgent();
app.UseEndpoints(endpoints =>
{
endpoints.MapHealthChecks("/healthcheck");
if (dasBlogSettings.SiteConfiguration.EnableTitlePermaLinkUnique)
{
endpoints.MapControllerRoute(
"Original Post Format",
"~/{year:int}/{month:int}/{day:int}/{posttitle}.aspx",
new { controller = "BlogPost", action = "Post", posttitle = "" });
endpoints.MapControllerRoute(
"New Post Format",
"~/{year:int}/{month:int}/{day:int}/{posttitle}",
new { controller = "BlogPost", action = "Post", postitle = "" });
}
else
{
endpoints.MapControllerRoute(
"Original Post Format",
"~/{posttitle}.aspx",
new { controller = "BlogPost", action = "Post", posttitle = "" });
endpoints.MapControllerRoute(
"New Post Format",
"~/{posttitle}",
new { controller = "BlogPost", action = "Post", postitle = "" });
}
endpoints.MapControllerRoute(
name: "default", "~/{controller=Home}/{action=Index}/{id?}");
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IDasBlogSettings dasBlogSettings)
{
(var siteOk, var siteError) = RepairSite(app);
if (env.IsDevelopment() || env.IsStaging())
{
app.UseDeveloperExceptionPage();
//app.UseBrowserLink();
}
else
{
app.UseExceptionHandler("/home/error");
}
if (env.IsStaging() || env.IsProduction())
{
app.UseHsts(options => options.MaxAge(days: 30));
}
if (!siteOk)
{
app.Run(async context => await context.Response.WriteAsync(siteError));
return;
}
var options = new RewriteOptions()
.AddIISUrlRewrite(env.ContentRootFileProvider, IISUrlRewriteConfigPath);
app.UseRewriter(options);
app.UseRouting();
//if you've configured it at /blog or /whatever, set that pathbase so ~ will generate correctly
var rootUri = new Uri(dasBlogSettings.SiteConfiguration.Root);
var path = rootUri.AbsolutePath;
//Deal with path base and proxies that change the request path
if (path != "/")
{
app.Use((context, next) =>
{
context.Request.PathBase = new PathString(path);
return(next.Invoke());
});
}
app.UseForwardedHeaders();
app.UseStaticFiles();
app.UseCookiePolicy();
Action <StaticFileResponseContext> cacheControlPrepResponse = (ctx) =>
{
const int durationInSeconds = 60 * 60 * 24;
ctx.Context.Response.Headers[HeaderNames.CacheControl] =
"public,max-age=" + durationInSeconds;
ctx.Context.Response.Headers["Expires"] = DateTime.UtcNow.AddHours(12).ToString("R");
};
app.UseStaticFiles(new StaticFileOptions()
{
FileProvider = new PhysicalFileProvider(BinariesPath),
RequestPath = string.Format("/{0}", BinariesUrlRelativePath),
OnPrepareResponse = cacheControlPrepResponse
});
app.UseStaticFiles(new StaticFileOptions()
{
FileProvider = new PhysicalFileProvider(BinariesPath),
RequestPath = string.Format("/{0}", BinariesUrlRelativePath),
OnPrepareResponse = cacheControlPrepResponse
});
app.UseStaticFiles(new StaticFileOptions
{
FileProvider = new PhysicalFileProvider(Path.Combine(env.ContentRootPath, "content/radioStories")),
RequestPath = "/content/radioStories",
OnPrepareResponse = cacheControlPrepResponse
});
app.UseStaticFiles(new StaticFileOptions
{
FileProvider = new PhysicalFileProvider(Path.Combine(env.ContentRootPath, "Themes")),
RequestPath = "/theme",
OnPrepareResponse = cacheControlPrepResponse
});
app.UseStaticFiles(new StaticFileOptions
{
FileProvider = new PhysicalFileProvider(Path.Combine(env.ContentRootPath, "Themes")),
RequestPath = "/themes",
OnPrepareResponse = cacheControlPrepResponse
});
app.UseAuthentication();
app.Use(PopulateThreadCurrentPrincipalForMvc);
app.UseRouting();
app.UseAuthorization();
app.UseXContentTypeOptions();
app.UseXXssProtection(options => options.EnabledWithBlockMode());
app.UseXfo(options => options.SameOrigin());
app.UseReferrerPolicy(opts => opts.NoReferrerWhenDowngrade());
var SecurityScriptSources = Configuration.GetSection("SecurityScriptSources")?.Value?.Split(";");
var SecurityStyleSources = Configuration.GetSection("SecurityStyleSources")?.Value?.Split(";");
var DefaultSources = Configuration.GetSection("DefaultSources")?.Value?.Split(";");
if (SecurityStyleSources != null && SecurityScriptSources != null && DefaultSources != null)
{
app.UseCsp(options => options
.DefaultSources(s => s.Self()
.CustomSources(DefaultSources)
)
.StyleSources(s => s.Self()
.CustomSources(SecurityStyleSources)
.UnsafeInline()
)
.ScriptSources(s => s.Self()
.CustomSources(SecurityScriptSources)
.UnsafeInline()
.UnsafeEval()
)
);
}
app.Use(async(context, next) =>
{
//being renamed/changed to this soon
context.Response.Headers.Add("Permissions-Policy", "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()");
await next.Invoke();
});
app.UseLoggingAgent();
app.UseEndpoints(endpoints =>
{
endpoints.MapHealthChecks("/healthcheck");
if (dasBlogSettings.SiteConfiguration.EnableTitlePermaLinkUnique)
{
endpoints.MapControllerRoute(
"Original Post Format",
"~/{year:int}/{month:int}/{day:int}/{posttitle}.aspx",
new { controller = "BlogPost", action = "Post", posttitle = "" });
endpoints.MapControllerRoute(
"New Post Format",
"~/{year:int}/{month:int}/{day:int}/{posttitle}",
new { controller = "BlogPost", action = "Post", postitle = "" });
}
else
{
endpoints.MapControllerRoute(
"Original Post Format",
"~/{posttitle}.aspx",
new { controller = "BlogPost", action = "Post", posttitle = "" });
endpoints.MapControllerRoute(
"New Post Format",
"~/{posttitle}",
new { controller = "BlogPost", action = "Post", postitle = "" });
}
endpoints.MapControllerRoute(
name: "default", "~/{controller=Home}/{action=Index}/{id?}");
});
}
