Added runtime compilation of views

src/Umbraco.Web.BackOffice/Controllers/MacrosController.cs

@@ -26,7 +26,7 @@ namespace Umbraco.Web.BackOffice.Controllers
     /// The API controller used for editing dictionary items
     /// </summary>
     [PluginController("UmbracoApi")]
-   // [UmbracoTreeAuthorize(Constants.Trees.Macros)]
+    [UmbracoTreeAuthorize(Constants.Trees.Macros)]
     public class MacrosController : BackOfficeNotificationsController
     {
         private readonly ParameterEditorCollection _parameterEditorCollection;

src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs

@@ -15,7 +15,7 @@ namespace Umbraco.Web.BackOffice.Controllers
     /// </remarks>
     [IsBackOffice]
     //[UmbracoUserTimeoutFilter] //TODO reintroduce
-    //[UmbracoAuthorize]
+    [UmbracoAuthorize]
     [DisableBrowserCache]
     [UmbracoWebApiRequireHttps]
     //[CheckIfUserTicketDataIsStale] //TODO reintroduce

src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedJsonController.cs

@@ -12,7 +12,7 @@ namespace Umbraco.Web.BackOffice.Controllers
     /// Inheriting from this controller means that ALL of your methods are JSON methods that are called by Angular,
     /// methods that are not called by Angular or don't contain a valid csrf header will NOT work.
     /// </remarks>
-    //[TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
+    [TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
     [TypeFilter(typeof(AngularJsonOnlyConfigurationAttribute))] // TODO: This could be applied with our Application Model conventions
     public abstract class UmbracoAuthorizedJsonController : UmbracoAuthorizedApiController
     {

src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs

@@ -22,6 +22,10 @@ namespace Umbraco.Extensions
         {
             services.AddAntiforgery();
 
+            //We need to have runtime compilation of views when using backoffice. We could consider having only this when a specific config is set.
+            //But as far as I can see, there are still precompiled views, even when this is activated, so maybe it is okay.
+            services.AddControllersWithViews().AddRazorRuntimeCompilation();
+
             services
                 .AddAuthentication(Constants.Security.BackOfficeAuthenticationType)
                 .AddCookie(Constants.Security.BackOfficeAuthenticationType);
@@ -32,7 +36,7 @@ namespace Umbraco.Extensions
         /// <summary>
         /// Adds the services required for using Umbraco back office Identity
         /// </summary>
-        /// <param name="services"></param>        
+        /// <param name="services"></param>
         public static void AddUmbracoBackOfficeIdentity(this IServiceCollection services)
         {
             services.AddDataProtection();
@@ -48,7 +52,7 @@ namespace Umbraco.Extensions
 
             // Configure the options specifically for the UmbracoBackOfficeIdentityOptions instance
             services.ConfigureOptions<ConfigureUmbracoBackOfficeIdentityOptions>();
-            //services.TryAddScoped<ISecurityStampValidator, SecurityStampValidator<BackOfficeIdentityUser>>();            
+            //services.TryAddScoped<ISecurityStampValidator, SecurityStampValidator<BackOfficeIdentityUser>>();
         }
 
         private static IdentityBuilder BuildUmbracoBackOfficeIdentity(this IServiceCollection services)
@@ -56,7 +60,7 @@ namespace Umbraco.Extensions
             // Borrowed from https://github.com/dotnet/aspnetcore/blob/master/src/Identity/Extensions.Core/src/IdentityServiceCollectionExtensions.cs#L33
             // The reason we need our own is because the Identity system doesn't cater easily for multiple identity systems and particularly being
             // able to configure IdentityOptions to a specific provider since there is no named options. So we have strongly typed options
-            // and strongly typed ILookupNormalizer and IdentityErrorDescriber since those are 'global' and we need to be unintrusive. 
+            // and strongly typed ILookupNormalizer and IdentityErrorDescriber since those are 'global' and we need to be unintrusive.
 
             // TODO: Could move all of this to BackOfficeComposer?
 
@@ -71,7 +75,7 @@ namespace Umbraco.Extensions
             services.TryAddScoped<IUserClaimsPrincipalFactory<BackOfficeIdentityUser>, UserClaimsPrincipalFactory<BackOfficeIdentityUser>>();
             services.TryAddScoped<UserManager<BackOfficeIdentityUser>>();
 
-            // CUSTOM:            
+            // CUSTOM:
             services.TryAddScoped<BackOfficeLookupNormalizer>();
             services.TryAddScoped<BackOfficeIdentityErrorDescriber>();
 

src/Umbraco.Web.BackOffice/Umbraco.Web.BackOffice.csproj

@@ -11,6 +11,7 @@
     </ItemGroup>
 
     <ItemGroup>
+      <PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="3.1.4" />
       <PackageReference Include="Serilog.AspNetCore" Version="3.2.0" />
     </ItemGroup>
 

src/Umbraco.Web.UI.NetCore/Startup.cs

@@ -47,9 +47,6 @@ namespace Umbraco.Web.UI.BackOffice
             services.AddUmbracoRuntimeMinifier(_config);
             services.AddUmbracoBackOffice();
             services.AddUmbracoBackOfficeIdentity();
-
-            services.AddMvc();
-
             services.AddMiniProfiler(options =>
             {
                 options.ShouldProfile = request => false; // WebProfiler determine and start profiling. We should not use the MiniProfilerMiddleware to also profile