📣 New DevRel Deep Dive! 📣
# news
l
📣 New DevRel Deep Dive! 📣 @Sebastiaan and I take a look at Request Protect - a package from @Nik and @Matt Wise at Moriyama! ▶️

https://youtu.be/v3l6jZzA7bw

🧵 Any comments, drop them in a thread!
m
Though you probably don't want to... this could be a thing...
configBuilder.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true);
Allows for OnChange observation with IOptionsMonitor<T> 🤔
l
I love the opening phrase "though you probably don't want to" 😆
n
Question answers:
1. IP whitelisting allows you to bypass all the rules
2. Headers - If a site/instance is fully protected but needs API calls to work between sites, this allows them to work
3. Why? - Clients wanted to test an authoring/preview site on their mobile devices, where they don't have fixed IPs etc.
Something that was missed but might be of interest: Moriyama.RequestProtect.Umbraco has a dependency on Moriyama.RequestProtect (which is pure netcore) - the .Umbraco package does have a composer to save modifying the program.cs file 🙂
Also, thanks @Lotte and @Sebastiaan for taking the time to test and review it 😄
l
Aha thanks Nik, yes hadn't twigged about the dependency on the pure .NET package. I guess it doesn't matter if you add those lines to program.cs as well, but you're saying you don't need to?
It does explain the naming convention of the nuget package tho!
n
Yep, exactly that, you can do it either way 🙂 Let the Composer do it, or handle it yourself in the program.cs - We wanted to be as flexible as possible with what we made available. Also, the Admin package is only available for v14+ because we didn't want to have to manage the legacy back office 🙈
k
this is in the core of umbraco, so IOptionsMonitor on anything in appsettings will trigger
l
Oh hi there @Kevin Jump - I don't know if you've watched the Deep Dive but my apologies for not remembering how uSync authentication works 🤦‍♀️
k
to be honest, haven't actually watched it yet 🙂
l
Well now you have to ;-P Just increasing viewer counts one at a time
k
Yes uSync does have auth - quite complicated auth really. 🙂 The headers options are because firewalls, and Umbraco's own basic Auth stuff block without certain headers. https://docs.umbraco.com/umbraco-cms/reference/configuration/basicauthsettings so it also obeys this
but internally it's also using HMAC auth to validate requests, stop man in the middle, replay attacks etc
s
This is along the lines of what I was thinking and couldn't eloquently get out of my mouth while recording haha