* Replace dependency track bom script with devops task
* Introduce new url variable in order to fix new task uri
The initial variable contained the api path (/api) in the URL.
Redact back-office PKCE codes from the server (#20847)
* Redact back-office PKCE codes from the server
* Update src/Umbraco.Cms.Api.Common/DependencyInjection/HideBackOfficeTokensHandler.cs
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Redact back-office PKCE codes from the server
* Update src/Umbraco.Cms.Api.Common/DependencyInjection/HideBackOfficeTokensHandler.cs
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Removes npm commands from the MSBuild of the CSPROJ of the umbraco-extension dotnet new template
Was agreed by the community package team to remove this, as this DX can cause more issues than actually help users in our opinion
* Removed the unused value - good catch by Copilot
* Adding fix for self-referncing redirects for 17
* Using umbraco context on failing tests
* Tests to see if self referencing redirects gets deleted
* Refactoring and adding correct tests.
* Expanding tests for RedirectTrackerTests.cs
* Optimize by only retrieving th list of existing URLs for a content item if we have a valid route to create a redirect for.
* Extract method refactoring, added explanatory comment, fixed warnings and formatting.
* Resolved warnings in RedirectService.
* Minor naming and formatting refactor in tests.
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Move access/refresh tokens to secure cookies (#20779)
* feat: adds the `credentials: include` header to all manual requests
* feat: adds `credentials: include` as a configurable option to xhr requests (and sets it by default to true)
* feat: configures the auto-generated fetch client from hey-api to include credentials by default
* Add OpenIddict handler to hide tokens from the back-office client
* Make back-office token redaction optional (default false)
* Clear back-office token cookies on logout
* Add configuration for backoffice cookie settings
* Make cookies forcefully secure + move cookie handler enabling to the BackOfficeTokenCookieSettings
* Use the "__Host-" prefix for cookie names
* docs: adds documentation on cookie settings
* build: sets up launch profile for vscode with new cookie recommended settings
* docs: adds extra note around SameSite settings
* docs: adds extra note around SameSite settings
* Respect sites that do not use HTTPS
* Explicitly invalidate potentially valid, old refresh tokens that should no longer be used
* Removed obsolete const
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* Remove configuration option
* Invalidate all existing access tokens on upgrade
* docs: updates recommended settings for development
* build: removes non-existing variable
* Skip flaky test
* Bumped version of our test helpers to fix failing tests
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
* Added form control support to color picker.
* Avoid submit when readonly is true.
* Added mandatory support.
* Added form control support to date picker.
* Removed an unused import.
* Added form control and mandatory support to document picker.
* Added form control support to Eye dropper.
* Added. mandatory support for multi url picker also bind inner input in the eye dropper.
* Removed unused import.
* fix update of value
* fixing not needed override of get and set methods
---------
Co-authored-by: Niels Lyngsø <niels.lyngso@gmail.com>
* Added mandatory support for block grid property editor.
* Added form control and mandatory support to code editor.
* Added form control and mandatory support to markdown editor.
---------
Co-authored-by: Niels Lyngsø <niels.lyngso@gmail.com>
* Implemented input-with-alias in the content-type-design-editor.
* Added auto-generate-alias property to the input and revert deletion of checkAliasAutoGenerate method.
* Added form-validation-message.
* Added validation to the input-with-alias element to avoid special characters.
* Chenged right and left position of the infobox.
* Added focus support to open the modal.
* Moved tabindex out the constructor and added support for enter and space keys.
* Removed isLoding condition from the rich media input and let the thumbnail handle the loader.
* Removed unused import.
* change loader and adjust lit property configuration
* update reflect configuration
---------
Co-authored-by: Niels Lyngsø <niels.lyngso@gmail.com>
* chore(mock): adds missing try/catch around document lookup
* fix: lets the 'save and preview' button extend the 'save' button to follow the same logic in terms of when it enables/disabled - it did not have much logic before
* fix: runs validation from the server when save and previewing to ensure the UI shows what is missing
Update icon usage in collection menu and example data
Replaces <uui-icon> with <umb-icon> in the default collection menu item element to support colors. Also updates example picker data source items to showcase color support.
* Exclude the relate parent on delete relation type from checks for related documents and media on delete, when disable delete with references is enabled.
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Applied suggestions from code review.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* feat: adds the `credentials: include` header to all manual requests
* feat: adds `credentials: include` as a configurable option to xhr requests (and sets it by default to true)
* feat: configures the auto-generated fetch client from hey-api to include credentials by default
* Add OpenIddict handler to hide tokens from the back-office client
* Make back-office token redaction optional (default false)
* Clear back-office token cookies on logout
* Add configuration for backoffice cookie settings
* Make cookies forcefully secure + move cookie handler enabling to the BackOfficeTokenCookieSettings
* Use the "__Host-" prefix for cookie names
* docs: adds documentation on cookie settings
* build: sets up launch profile for vscode with new cookie recommended settings
* docs: adds extra note around SameSite settings
* docs: adds extra note around SameSite settings
* Respect sites that do not use HTTPS
* Explicitly invalidate potentially valid, old refresh tokens that should no longer be used
* Removed obsolete const
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* sql column type map include dateonly and timeonly
* Split Mapper and add check null value
* Minor code tidy resolving a few warnings.
* add spaces
* clean code
---------
Co-authored-by: Lan Nguyen Thuy <lnt@umbraco.dk>
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Fix for partial view caches not being cleared when content is published/unpublished
* Update src/Umbraco.Core/Cache/Refreshers/Implement/ContentCacheRefresher.cs
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
* Change logic for clearing partial view cache
* Changed logic to only clear partial cache when content is published/unpublished or trashed
---------
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
