ba7d550a74
* Move access/refresh tokens to secure cookies (#20779) * feat: adds the `credentials: include` header to all manual requests * feat: adds `credentials: include` as a configurable option to xhr requests (and sets it by default to true) * feat: configures the auto-generated fetch client from hey-api to include credentials by default * Add OpenIddict handler to hide tokens from the back-office client * Make back-office token redaction optional (default false) * Clear back-office token cookies on logout * Add configuration for backoffice cookie settings * Make cookies forcefully secure + move cookie handler enabling to the BackOfficeTokenCookieSettings * Use the "__Host-" prefix for cookie names * docs: adds documentation on cookie settings * build: sets up launch profile for vscode with new cookie recommended settings * docs: adds extra note around SameSite settings * docs: adds extra note around SameSite settings * Respect sites that do not use HTTPS * Explicitly invalidate potentially valid, old refresh tokens that should no longer be used * Removed obsolete const --------- Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com> * Remove configuration option * Invalidate all existing access tokens on upgrade * docs: updates recommended settings for development * build: removes non-existing variable * Skip flaky test * Bumped version of our test helpers to fix failing tests --------- Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com> Co-authored-by: Andreas Zerbst <andr317c@live.dk>
128 lines
4.0 KiB
JSON
128 lines
4.0 KiB
JSON
{
|
|
"version": "0.2.0",
|
|
"compounds": [
|
|
{
|
|
"name": "Backoffice Launch (Vite + .NET Core)",
|
|
"configurations": [
|
|
"Backoffice Launch Vite (Chrome)",
|
|
".NET Core Serve with External Auth (web)"
|
|
],
|
|
"stopAll": true,
|
|
"presentation": {
|
|
"group": "1"
|
|
}
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"name": "Backoffice Launch Vite (Chrome)",
|
|
"request": "launch",
|
|
"env": {
|
|
"VITE_UMBRACO_USE_MSW": "${input:AskForMockServer}"
|
|
},
|
|
"runtimeExecutable": "npx",
|
|
"runtimeArgs": ["vite"],
|
|
"type": "node",
|
|
"cwd": "${workspaceFolder}/src/Umbraco.Web.UI.Client",
|
|
"skipFiles": ["<node_internals>/**", "node_modules/**"],
|
|
"smartStep": true,
|
|
"autoAttachChildProcesses": true,
|
|
"serverReadyAction": {
|
|
"killOnServerStop": true,
|
|
"action": "debugWithChrome",
|
|
"pattern": "Local: http://localhost:([0-9]+)",
|
|
"uriFormat": "http://localhost:%s",
|
|
"webRoot": "${workspaceFolder}/src/Umbraco.Web.UI.Client"
|
|
},
|
|
"presentation": {
|
|
"group": "2"
|
|
}
|
|
},
|
|
{
|
|
"name": "Backoffice Attach Vite (Chrome)",
|
|
"request": "launch",
|
|
"type": "chrome",
|
|
"smartStep": true,
|
|
"url": "http://localhost:5173/",
|
|
"skipFiles": ["<node_internals>/**", "node_modules/**"],
|
|
"webRoot": "${workspaceFolder}/src/Umbraco.Web.UI.Client",
|
|
"presentation": {
|
|
"group": "2"
|
|
}
|
|
},
|
|
{
|
|
// Use IntelliSense to find out which attributes exist for C# debugging
|
|
// Use hover for the description of the existing attributes
|
|
// For further information visit https://github.com/OmniSharp/omnisharp-vscode/blob/master/debugger-launchjson.md
|
|
"name": ".NET Core Launch (web)",
|
|
"type": "coreclr",
|
|
"request": "launch",
|
|
"program": "dotnet",
|
|
"args": ["run"],
|
|
"cwd": "${workspaceFolder}/src/Umbraco.Web.UI",
|
|
"stopAtEntry": false,
|
|
"requireExactSource": false,
|
|
"postDebugTask": "kill-umbraco-web-ui",
|
|
// Enable launching a web browser when ASP.NET Core starts. For more information: https://aka.ms/VSCode-CS-LaunchJson-WebBrowser
|
|
"serverReadyAction": {
|
|
"action": "openExternally",
|
|
"pattern": "\\\\bNow listening on:\\\\s+(https?://\\\\S+)"
|
|
},
|
|
"env": {
|
|
"ASPNETCORE_ENVIRONMENT": "Development"
|
|
},
|
|
"sourceFileMap": {
|
|
"/Views": "${workspaceFolder}/Umbraco.Web.UI/Views"
|
|
},
|
|
"presentation": {
|
|
"group": "3"
|
|
}
|
|
},
|
|
{
|
|
"name": ".NET Core Attach",
|
|
"type": "coreclr",
|
|
"request": "attach",
|
|
"processId": "${command:pickProcess}",
|
|
"presentation": {
|
|
"group": "3"
|
|
}
|
|
},
|
|
{
|
|
"name": ".NET Core Serve with External Auth (web)",
|
|
"type": "coreclr",
|
|
"request": "launch",
|
|
"program": "dotnet",
|
|
"args": ["run"],
|
|
"cwd": "${workspaceFolder}/src/Umbraco.Web.UI",
|
|
"stopAtEntry": false,
|
|
"requireExactSource": false,
|
|
"checkForDevCert": true,
|
|
"postDebugTask": "kill-umbraco-web-ui",
|
|
"env": {
|
|
"ASPNETCORE_ENVIRONMENT": "Development",
|
|
"ASPNETCORE_URLS": "https://localhost:44339",
|
|
"UMBRACO__CMS__SECURITY__BACKOFFICEHOST": "http://localhost:5173",
|
|
"UMBRACO__CMS__SECURITY__AUTHORIZECALLBACKPATHNAME": "/oauth_complete",
|
|
"UMBRACO__CMS__SECURITY__AUTHORIZECALLBACKLOGOUTPATHNAME": "/logout",
|
|
"UMBRACO__CMS__SECURITY__AUTHORIZECALLBACKERRORPATHNAME": "/error",
|
|
"UMBRACO__CMS__SECURITY__KEEPUSERLOGGEDIN": "true",
|
|
"UMBRACO__CMS__SECURITY__BACKOFFICETOKENCOOKIE__SAMESITE": "None"
|
|
},
|
|
"sourceFileMap": {
|
|
"/Views": "${workspaceFolder}/Umbraco.Web.UI/Views"
|
|
},
|
|
"presentation": {
|
|
"group": "3"
|
|
}
|
|
}
|
|
],
|
|
"inputs": [
|
|
{
|
|
"id": "AskForMockServer",
|
|
"type": "promptString",
|
|
"description": "Use Mock Service Worker (MSW) for Backoffice API calls (off requires a running server)?",
|
|
"default": "off"
|
|
}
|
|
]
|
|
}
|