Improve Boilerplate forwarded headers middleware configuration (#9393)
ysmoradi committed Dec 3, 2024
1 parent 3009f55 commit 15a8b99
Showing 5 changed files with 25 additions and 28 deletions.
31 changes: 9 additions & 22 deletions .github/workflows/admin-sample.cd.yml
Expand Up @@ -3,8 +3,7 @@
# Project templates come equipped with CI/CD for both Azure DevOps and GitHub, providing you with a hassle-free way to get started with your new project. It is important to note that you should not depend on the contents of this file. More info at https://bitplatform.dev/templates/dev-ops

env:
API_SERVER_ADDRESS: 'https://adminpanel-api.bitplatform.dev'
WEB_SERVER_ADDRESS: 'https://adminpanel.bitplatform.dev'
SERVER_ADDRESS: 'https://adminpanel.bitplatform.dev'
APP_SERVICE_NAME: 'bit-adminpanel'

on:
Expand Down Expand Up @@ -36,15 +35,15 @@ jobs:
cd src/Templates/Boilerplate && dotnet build -c Release
dotnet pack -c Release -o . -p:ReleaseVersion=0.0.0 -p:PackageVersion=0.0.0
dotnet new install Bit.Boilerplate.0.0.0.nupkg
cd ../../../ && dotnet new bit-bp --name AdminPanel --database PostgreSQL --sample Admin --appInsights --sentry --serverUrl ${{ env.WEB_SERVER_ADDRESS }} --filesStorage AzureBlobStorage --api Standalone --notification --captcha reCaptcha --signalR --framework net9.0
cd ../../../ && dotnet new bit-bp --name AdminPanel --database PostgreSQL --sample Admin --appInsights --sentry --serverUrl ${{ env.SERVER_ADDRESS }} --filesStorage AzureBlobStorage --notification --captcha reCaptcha --signalR --framework net9.0
- name: Update core appsettings.json
uses: devops-actions/[email protected]
with:
files: 'AdminPanel/src/Shared/appsettings.json, AdminPanel/src/Client/AdminPanel.Client.Core/appsettings.json, AdminPanel/src/Client/AdminPanel.Client.Web/appsettings.json, AdminPanel/src/Client/AdminPanel.Client.Web/appsettings.Production.json'
env:
WebAppRender.BlazorMode: BlazorWebAssembly
ServerAddress: ${{ env.API_SERVER_ADDRESS }}
ServerAddress: ${{ env.SERVER_ADDRESS }}
Logging.Sentry.Dsn: ${{ secrets.ADMINPANEL_SENTRY_DSN }}
GoogleRecaptchaSiteKey: ${{ secrets.GOOGLE_RECAPTCHA_SITE_KEY }}
AdsPushVapid.PublicKey: ${{ secrets.ADMINPANEL_PUBLIC_VAPIDKEY }}
Expand All @@ -69,18 +68,6 @@ jobs:
name: server-bundle
path: ${{env.DOTNET_ROOT}}/server

- name: Publish adminpanel blazor wasm standalone
run: |
sed -i 's/adminpanel.bitplatform.dev/adminpanel-api.bitplatform.dev/g' AdminPanel/src/Client/AdminPanel.Client.Web/wwwroot/index.html
dotnet publish AdminPanel/src/Client/AdminPanel.Client.Web/AdminPanel.Client.Web.csproj -c Release -p:PwaEnabled=true -o ${{env.DOTNET_ROOT}}/static -p:Version="${{ vars.APPLICATION_DISPLAY_VERSION}}"
- name: Upload static artifact
uses: actions/upload-artifact@v4
with:
name: static-bundle
path: ${{env.DOTNET_ROOT}}/static
include-hidden-files: true # Required for wwwroot/.well-known folder

deploy_api_blazor:
name: deploy api + blazor
needs: build_api_blazor
Expand Down Expand Up @@ -145,14 +132,14 @@ jobs:
cd src\Templates\Boilerplate && dotnet build -c Release
dotnet pack -c Release -o . -p:ReleaseVersion=0.0.0 -p:PackageVersion=0.0.0
dotnet new install Bit.Boilerplate.0.0.0.nupkg
cd ..\..\..\ && dotnet new bit-bp --name AdminPanel --database PostgreSQL --sample Admin --windows --appInsights --sentry --serverUrl ${{ env.WEB_SERVER_ADDRESS }} --filesStorage AzureBlobStorage --captcha reCaptcha --signalR --offlineDb --framework net9.0
cd ..\..\..\ && dotnet new bit-bp --name AdminPanel --database PostgreSQL --sample Admin --windows --appInsights --sentry --serverUrl ${{ env.SERVER_ADDRESS }} --filesStorage AzureBlobStorage --captcha reCaptcha --signalR --offlineDb --framework net9.0
- name: Update core appsettings.json
uses: devops-actions/[email protected]
with:
files: 'AdminPanel\src\Shared\appsettings.json, AdminPanel\src\Client\AdminPanel.Client.Core\appsettings.json, AdminPanel\src\Client\AdminPanel.Client.Windows\appsettings.json'
env:
ServerAddress: ${{ env.API_SERVER_ADDRESS }}
ServerAddress: ${{ env.SERVER_ADDRESS }}
Logging.Sentry.Dsn: ${{ secrets.ADMINPANEL_SENTRY_DSN }}
GoogleRecaptchaSiteKey: ${{ secrets.GOOGLE_RECAPTCHA_SITE_KEY }}
WindowsUpdate.FilesUrl: https://windows-adminpanel.bitplatform.dev
Expand Down Expand Up @@ -193,7 +180,7 @@ jobs:
cd src/Templates/Boilerplate && dotnet build -c Release
dotnet pack -c Release -o . -p:ReleaseVersion=0.0.0 -p:PackageVersion=0.0.0
dotnet new install Bit.Boilerplate.0.0.0.nupkg
cd ../../../ && dotnet new bit-bp --name AdminPanel --database PostgreSQL --sample Admin --appInsights --sentry --serverUrl ${{ env.WEB_SERVER_ADDRESS }} --filesStorage AzureBlobStorage --notification --captcha reCaptcha --signalR --framework net9.0
cd ../../../ && dotnet new bit-bp --name AdminPanel --database PostgreSQL --sample Admin --appInsights --sentry --serverUrl ${{ env.SERVER_ADDRESS }} --filesStorage AzureBlobStorage --notification --captcha reCaptcha --signalR --framework net9.0
- uses: actions/setup-node@v4
with:
Expand All @@ -218,7 +205,7 @@ jobs:
with:
files: 'AdminPanel/src/Shared/appsettings.json, AdminPanel/src/Client/AdminPanel.Client.Core/appsettings.json, AdminPanel/src/Client/AdminPanel.Client.Maui/appsettings.json'
env:
ServerAddress: ${{ env.API_SERVER_ADDRESS }}
ServerAddress: ${{ env.SERVER_ADDRESS }}
Logging.Sentry.Dsn: ${{ secrets.ADMINPANEL_SENTRY_DSN }}
GoogleRecaptchaSiteKey: ${{ secrets.GOOGLE_RECAPTCHA_SITE_KEY }}
ApplicationInsights.ConnectionString: ${{ secrets.APPLICATION_INSIGHTS_CONNECTION_STRING }}
Expand Down Expand Up @@ -270,14 +257,14 @@ jobs:
cd src/Templates/Boilerplate && dotnet build -c Release
dotnet pack -c Release -o . -p:ReleaseVersion=0.0.0 -p:PackageVersion=0.0.0
dotnet new install Bit.Boilerplate.0.0.0.nupkg
cd ../../../ && dotnet new bit-bp --name AdminPanel --database PostgreSQL --sample Admin --appInsights --serverUrl ${{ env.WEB_SERVER_ADDRESS }} --filesStorage AzureBlobStorage --notification --captcha reCaptcha --signalR --framework net9.0
cd ../../../ && dotnet new bit-bp --name AdminPanel --database PostgreSQL --sample Admin --appInsights --serverUrl ${{ env.SERVER_ADDRESS }} --filesStorage AzureBlobStorage --notification --captcha reCaptcha --signalR --framework net9.0
- name: Update core appsettings.json
uses: devops-actions/[email protected]
with:
files: 'AdminPanel/src/Shared/appsettings.json, AdminPanel/src/Client/AdminPanel.Client.Core/appsettings.json, AdminPanel/src/Client/AdminPanel.Client.Maui/appsettings.json'
env:
ServerAddress: ${{ env.API_SERVER_ADDRESS }}
ServerAddress: ${{ env.SERVER_ADDRESS }}
Logging.Sentry.Dsn: ${{ secrets.ADMINPANEL_SENTRY_DSN }}
GoogleRecaptchaSiteKey: ${{ secrets.GOOGLE_RECAPTCHA_SITE_KEY }}
ApplicationInsights.ConnectionString: ${{ secrets.APPLICATION_INSIGHTS_CONNECTION_STRING }}
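Review bot: The new `--serverUrl ${{ env.SERVER_ADDRESS }}` arguments are expanded by the workflow engine into the script text before the shell runs, in all four `dotnet new bit-bp` lines of this file. The value is a literal defined at the top of the workflow, so nothing untrusted reaches the shell today, but the same pattern becomes script injection as soon as the value is sourced from an input or an event field. Since workflow-level `env` is exported to every step, the bash steps can read it as a quoted shell variable instead: `--serverUrl "$SERVER_ADDRESS"`. The Windows job's shell is not visible in its hunk, so the equivalent there depends on whether that step runs PowerShell or cmd. The `run:` blocks these lines belong to start outside the hunks.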
@@ -1,4 +1,7 @@
{
{
"ForwardedHeaders": {
"AllowedHosts": [ "*" ]
},
"DetailedErrors": true,
"$schema": "https://json.schemastore.org/appsettings.json"
}
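Review bot: `"AllowedHosts": [ "*" ]` under `ForwardedHeaders` accepts any forwarded host name, so links built from the request host follow whatever the client sends in the forwarded-host header. That is reasonable only for local development; the file name is not visible on this page, and `"DetailedErrors": true` suggests a development settings file, but nothing in the file itself says so. Following the `_Comment` key convention used in the main settings file, I would add `"AllowedHosts_Comment": "Development only. Production must list the real public host names."` next to it. The same change is made in the other `@@ -1,4 +1,7 @@` section further down the page.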
Expand Up @@ -114,10 +114,12 @@
},
"AllowedHosts": "*",
"ForwardedHeaders": {
"ForwardedHeaders_Comment": "These values apply only if your backend is hosted behind a CDN (such as Cloudflare).",
"ForwardedHeaders": "All",
"ForwardedHeaders_Comment": "These values apply only if your backend is hosted behind a CDN (such as `Cloudflare`).",
"ForwardedHostHeaderName": "X-Forwarded-Host",
"ForwardedHostHeaderName_Comment": "For Cloudflare, use X-Host instead of X-Forwarded-Host.",
"ForwardedHeaders": "All"
"AllowedHosts": [ "" ],
"AllowedHosts_Comment": "If the list is empty then all hosts are allowed. Failing to restrict this these values may allow an attacker to spoof links generated for reset password etc."
},
"$schema": "https://json.schemastore.org/appsettings.json"
}
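Review bot: `"AllowedHosts": [ "" ]` at the end of the `ForwardedHeaders` block is a list holding one empty string, not the empty list that `AllowedHosts_Comment` describes, so a reader cannot tell whether forwarded hosts are unrestricted or matched against an empty name. How this section is bound is outside the diff; if it is bound to the standard `ForwardedHeadersOptions`, a non-empty list is presumably enforced and `X-Forwarded-Host` would be rejected until real names are filled in, which is the safer default but should be stated. I would reword the comment to `"AllowedHosts_Comment": "List the public host names of this app, without ports. An empty list allows any forwarded host, which may let an attacker spoof links generated for reset password etc."`, which also fixes the "this these" typo. With `"ForwardedHeaders": "All"` it is also worth a comment on which proxies are trusted (`KnownProxies` / `KnownNetworks`), since that setting is not visible here. The same lines appear in the last file section (`@@ -104,10 +104,12 @@`).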
@@ -1,4 +1,7 @@
{
{
"ForwardedHeaders": {
"AllowedHosts": [ "*" ]
},
"DetailedErrors": true,
"$schema": "https://json.schemastore.org/appsettings.json"
}
Expand Up @@ -104,10 +104,12 @@
//#endif
"AllowedHosts": "*",
"ForwardedHeaders": {
"ForwardedHeaders_Comment": "These values apply only if your backend is hosted behind a CDN (such as Cloudflare).",
"ForwardedHeaders": "All",
"ForwardedHeaders_Comment": "These values apply only if your backend is hosted behind a CDN (such as `Cloudflare`).",
"ForwardedHostHeaderName": "X-Forwarded-Host",
"ForwardedHostHeaderName_Comment": "For Cloudflare, use X-Host instead of X-Forwarded-Host.",
"ForwardedHeaders": "All"
"AllowedHosts": [ "" ],
"AllowedHosts_Comment": "If the list is empty then all hosts are allowed. Failing to restrict this these values may allow an attacker to spoof links generated for reset password etc."
},
"$schema": "https://json.schemastore.org/appsettings.json"
}
