* Move access/refresh tokens to secure cookies (#20779)
* feat: adds the `credentials: include` header to all manual requests
* feat: adds `credentials: include` as a configurable option to xhr requests (and sets it by default to true)
* feat: configures the auto-generated fetch client from hey-api to include credentials by default
* Add OpenIddict handler to hide tokens from the back-office client
* Make back-office token redaction optional (default false)
* Clear back-office token cookies on logout
* Add configuration for backoffice cookie settings
* Make cookies forcefully secure + move cookie handler enabling to the BackOfficeTokenCookieSettings
* Use the "__Host-" prefix for cookie names
* docs: adds documentation on cookie settings
* build: sets up launch profile for vscode with new cookie recommended settings
* docs: adds extra note around SameSite settings
* docs: adds extra note around SameSite settings
* Respect sites that do not use HTTPS
* Explicitly invalidate potentially valid, old refresh tokens that should no longer be used
* Removed obsolete const
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* Remove configuration option
* Invalidate all existing access tokens on upgrade
* docs: updates recommended settings for development
* build: removes non-existing variable
* Skip flaky test
* Bumped version of our test helpers to fix failing tests
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
* Remove unused help controller
* Correct documentation links
* Link to the new release site for compares
* Remove unused translation key with reference to Our
* Update NoNodes / NotFound to point to the forum instead of Our
* Change dashboards form Our to Forum and de-emphasize Discord as a support channel
* Removes Help controller reference
* Forgot to rename the css Id
* Update src/Umbraco.Web.UI.Client/src/assets/lang/ar.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Fix typo in Community Forum help menu item name
* Refer to releases instead of a download page
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Update the default dashboard with better content and clearer headings
* Obsolete the HelpController instead
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Rename Web.UI.New back to Web.UI
* Delete new backoffiec folder
* Rename client project
* Add new submodule
* Update template csproj
* Remove more mentions of new
* Add missing views
* Moving up the "Umbraco.Web.UI" proj reference, so that it is the first project listed in solution file (.sln) since it will be selected as startup one in VS by default.
* don't include grid
* Update with section of how to get started with backoffice
* Update .github/BUILD.md
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Add line about white page
---------
Co-authored-by: Elitsa <elm@umbraco.dk>
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Updated the maximum Node version supported
Building the current version of the back office is only supported on Node v16 and earlier so have updated the docs to reflect that.
* Updated the .Net and VS requirements
For v11 you now need to be running .Net 7 and VS 2022 so have updated the docs to reflect that.
* Apply suggestions from code review
Co-authored-by: Jason Elkin <jasonelkin86@gmail.com>
---------
Co-authored-by: Sebastiaan Janssen <sebastiaan@umbraco.com>
Co-authored-by: Jason Elkin <jasonelkin86@gmail.com>
