Clik here to view.
Cross-Origin-Embedder-Policy: securing embedded resources: Understanding...
This is the third post in the series: Understanding cross-origin security headers. Part 1 - Cross-Origin-Opener-Policy: preventing attacks from popups Part 2 - Cross-Origin-Resource-Policy: preventing...
View ArticleClik here to view.
Using the YamlDotNet source generator for Native AOT
In this post I show how you can use the YamlDotNet source generator in your .NET 7+ application. This is particularly important if you're planning on using your application with NativeAOT. Reading YAML...
View ArticleClik here to view.
Building LaTeX projects on Windows easily with Docker
In this short post I describe how I build LaTeX projects on a Windows machine by using Docker. There's nothing particularly novel or exciting about this, someone just asked me about it recently so this...
View ArticleClik here to view.
Implementing an interceptor with a source generator: Creating a source...
This is the eleven post in the series: Creating a source generator. Part 1 - Creating an incremental generatorPart 2 - Testing an incremental generator with snapshot testingPart 3 - Integration testing...
View ArticleClik here to view.
Reading compilation options and the C# version in source generators: Creating...
This is the twelve post in the series: Creating a source generator. Part 1 - Creating an incremental generatorPart 2 - Testing an incremental generator with snapshot testingPart 3 - Integration testing...
View ArticleClik here to view.
Accessing MSBuild properties and user configuration to source generators:...
This is the thirteen post in the series: Creating a source generator. Part 1 - Creating an incremental generatorPart 2 - Testing an incremental generator with snapshot testingPart 3 - Integration...
View ArticleClik here to view.
Supporting multiple .NET SDK versions in analyzers and source generators
In this post I describe why source generators might need to work with multiple versions of the .NET SDK. This may be necessary if you want to support features that are only available in newer versions...
View ArticleClik here to view.
Supporting multiple .NET SDK versions in a source generator: Creating a...
This is the fourteen post in the series: Creating a source generator. Part 1 - Creating an incremental generatorPart 2 - Testing an incremental generator with snapshot testingPart 3 - Integration...
View ArticleClik here to view.
Preventing client-side cross-site-scripting vulnerabilities with Trusted Types
In this post I describe how to use the Trusted Types directive as part of the Content-Security-Policy (CSP) feature to prevent against cross-site-scripting (XSS) attacks. I'll start by demonstrating...
View ArticleClik here to view.
Setting application environment variables in IIS without restarts
I recently needed to set some environment variables for an application that was running in IIS on Windows. It turns out there's lots of different ways to do that. In this post, I describe some of the...
View ArticleClik here to view.
Disabling localized satellite assemblies during dotnet publish
In this brief post I show how to reduce the size of the publish output for .NET apps by preventing the publishing of localization resources when they're not needed. What are localization satellite...
View ArticleClik here to view.
Creating an analyzer to detect infinite loops caused by ThreadAbortExceptions
In this post I describe an infinite-loop scenario that can occur on .NET Framework when a ThreadAbortException is raised. I describe when you might run into this scenario, why it happens (it's a bug in...
View ArticleClik here to view.
Running an ASP.NET Core app inside IIS in a Windows container
In this post I first discuss the differences between Linux and Windows containers, and then describe how to run an ASP.NET Core app inside IIS, inside of a Windows container. I show how to install the...
View ArticleClik here to view.
Creating provenance attestations for NuGet packages in GitHub Actions
In this post I discuss software provenance, what attestations say about your software, and how they work. I then show you can use GitHub actions to easily create a signed attestation when creating a...
View ArticleClik here to view.
Creating a software bill of materials (SBOM) for an open-source NuGet package
In this post I discuss several tools you can use to create a software bill of materials (SBOM) for an application or a NuGet package. I demonstrate GitHub's built-in "Export SBOM" button, Microsoft's...
View ArticleClik here to view.
Creating SBOM attestations in GitHub Actions
In this post I show how you can create attestations for SBOM documents that you have created for your application or Nuget package. Supply chain security and attestations In the last couple of posts on...
View ArticleClik here to view.
Verifying tricky git rebases with git range-diff
In this post I look at the git range-diff feature, available from git 2.19. I describe how it is meant to work, explain the output format, and demonstrate my attempt to test it with a small app. What...
View Article