Clik here to view.
Major updates to NetEscapades.AspNetCore.SecurityHeaders
In this post I provide an update on the NetEscapades.AspNetCore.SecurityHeaders project. I've just released a preview version of 1.0.0, which addresses some longstanding requests for extra...
View ArticleClik here to view.
Replacing Exceptions-as-flow-control with the result pattern: Working with...
This is the first post in the series: Working with the result pattern. Part 1 - Replacing Exceptions-as-flow-control with the result pattern (this post) In this post I provide a worked example of...
View ArticleClik here to view.
Safety and simplicity with LINQ: Working with the result pattern - Part 2
This is the second post in the series: Working with the result pattern. Part 1 - Replacing Exceptions-as-flow-control with the result pattern Part 2 - Safety and simplicity with LINQ (this post) This...
View ArticleClik here to view.
Adding more extensions to Result: Working with the result pattern - Part 3
This is the third post in the series: Working with the result pattern. Part 1 - Replacing Exceptions-as-flow-control with the result pattern Part 2 - Safety and simplicity with LINQ Part 3 - Adding...
View ArticleClik here to view.
Is the result pattern worth it?: Working with the result pattern - Part 4
This is the fourth post in the series: Working with the result pattern. Part 1 - Replacing Exceptions-as-flow-control with the result pattern Part 2 - Safety and simplicity with LINQ Part 3 - Adding...
View ArticleClik here to view.
Recent updates for NetEscapades.EnumGenerators: interceptors!
In this post I describe a recent update to the NetEscapades.EnumGenerators package. The big new feature introduced in 1.0.0-beta11 is experimental support for interceptors. Interceptors allow you to...
View ArticleClik here to view.
Cross-Origin-Opener-Policy: preventing attacks from popups: Understanding...
This is the first post in the series: Understanding cross-origin security headers. Part 1 - Cross-Origin-Opener-Policy: preventing attacks from popups (this post) In this post I describe the...
View ArticleClik here to view.
Cross-Origin-Resource-Policy: preventing hotlinking and XSSI attacks:...
This is the second post in the series: Understanding cross-origin security headers. Part 1 - Cross-Origin-Opener-Policy: preventing attacks from popups Part 2 - Cross-Origin-Resource-Policy:...
View ArticleClik here to view.
Cross-Origin-Embedder-Policy: securing embedded resources: Understanding...
This is the third post in the series: Understanding cross-origin security headers. Part 1 - Cross-Origin-Opener-Policy: preventing attacks from popups Part 2 - Cross-Origin-Resource-Policy: preventing...
View ArticleClik here to view.
Using the YamlDotNet source generator for Native AOT
In this post I show how you can use the YamlDotNet source generator in your .NET 7+ application. This is particularly important if you're planning on using your application with NativeAOT. Reading YAML...
View ArticleClik here to view.
Building LaTeX projects on Windows easily with Docker
In this short post I describe how I build LaTeX projects on a Windows machine by using Docker. There's nothing particularly novel or exciting about this, someone just asked me about it recently so this...
View ArticleClik here to view.
Implementing an interceptor with a source generator: Creating a source...
This is the eleven post in the series: Creating a source generator. Part 1 - Creating an incremental generatorPart 2 - Testing an incremental generator with snapshot testingPart 3 - Integration testing...
View ArticleClik here to view.
Reading compilation options and the C# version in source generators: Creating...
This is the twelve post in the series: Creating a source generator. Part 1 - Creating an incremental generatorPart 2 - Testing an incremental generator with snapshot testingPart 3 - Integration testing...
View ArticleClik here to view.
Accessing MSBuild properties and user configuration to source generators:...
This is the thirteen post in the series: Creating a source generator. Part 1 - Creating an incremental generatorPart 2 - Testing an incremental generator with snapshot testingPart 3 - Integration...
View ArticleClik here to view.
Supporting multiple .NET SDK versions in analyzers and source generators
In this post I describe why source generators might need to work with multiple versions of the .NET SDK. This may be necessary if you want to support features that are only available in newer versions...
View ArticleClik here to view.
Supporting multiple .NET SDK versions in a source generator: Creating a...
This is the fourteen post in the series: Creating a source generator. Part 1 - Creating an incremental generatorPart 2 - Testing an incremental generator with snapshot testingPart 3 - Integration...
View ArticleClik here to view.
Preventing client-side cross-site-scripting vulnerabilities with Trusted Types
In this post I describe how to use the Trusted Types directive as part of the Content-Security-Policy (CSP) feature to prevent against cross-site-scripting (XSS) attacks. I'll start by demonstrating...
View ArticleClik here to view.
Setting application environment variables in IIS without restarts
I recently needed to set some environment variables for an application that was running in IIS on Windows. It turns out there's lots of different ways to do that. In this post, I describe some of the...
View ArticleClik here to view.
Disabling localized satellite assemblies during dotnet publish
In this brief post I show how to reduce the size of the publish output for .NET apps by preventing the publishing of localization resources when they're not needed. What are localization satellite...
View ArticleClik here to view.
Creating an analyzer to detect infinite loops caused by ThreadAbortExceptions
In this post I describe an infinite-loop scenario that can occur on .NET Framework when a ThreadAbortException is raised. I describe when you might run into this scenario, why it happens (it's a bug in...
View ArticleClik here to view.
Running an ASP.NET Core app inside IIS in a Windows container
In this post I first discuss the differences between Linux and Windows containers, and then describe how to run an ASP.NET Core app inside IIS, inside of a Windows container. I show how to install the...
View ArticleClik here to view.
Creating provenance attestations for NuGet packages in GitHub Actions
In this post I discuss software provenance, what attestations say about your software, and how they work. I then show you can use GitHub actions to easily create a signed attestation when creating a...
View ArticleClik here to view.
Creating a software bill of materials (SBOM) for an open-source NuGet package
In this post I discuss several tools you can use to create a software bill of materials (SBOM) for an application or a NuGet package. I demonstrate GitHub's built-in "Export SBOM" button, Microsoft's...
View ArticleClik here to view.
Creating SBOM attestations in GitHub Actions
In this post I show how you can create attestations for SBOM documents that you have created for your application or Nuget package. Supply chain security and attestations In the last couple of posts on...
View ArticleClik here to view.
Verifying tricky git rebases with git range-diff
In this post I look at the git range-diff feature, available from git 2.19. I describe how it is meant to work, explain the output format, and demonstrate my attempt to test it with a small app. What...
View Article