Showing posts from July, 2023

Help! I accidentally enabled HSTS–on localhost

I ran into an issue after accidentally enabling HSTS for a website on localhost. This was not an issue for the original website that was running in IIS and had a certificate configured. But when I tried to run an Angular app a little bit later on http://localhost:4200, the browser redirected me immediately to https://localhost. Whoops! That was not what I wanted in this case. To fix it, you need to go to the network settings of your browser, which are available at chrome://net-internals/#hsts (Chrome), edge://net-internals/#hsts (Edge) or brave://net-internals/#hsts (Brave). Enter ‘localhost’ in the domain textbox under the Delete domain security policies section and hit Delete. That should do the trick…

Why a software factory is the wrong metaphor

A metaphor that is used a lot to describe the software development process is that of a software factory. Wikipedia describes the concept of a software factory as follows: A software factory is a structured collection of related software assets that aids in producing computer software applications or software components according to specific, externally defined end-user requirements through an assembly process. A software factory applies manufacturing techniques and principles to software development to mimic the benefits of traditional manufacturing. This brings the following image to my mind: On one end we put requirements in and on the other end working software comes out. This feeds the idea that software development is a manufacturing activity where human intervention could be minimized and most of the work can be automated. But this idea is not correct; as Jack Reeves says in his essay What Is Software Design?, coding is in fact an act of design, not manufacturing.

Azure DevOps–Create a build variable in PowerShell

After executing the build pipeline, I add a tag to the specific git commit to track the deployed code. This is something that is built into the Azure DevOps pipeline functionality through the Tag Sources: Originally I used the $(build.buildNumber) variable to tag the code. But I updated my project to use a VersionPrefix value inside my Directory.Build.props file: Of course this VersionPrefix value is not available as a variable inside my Azure DevOps pipeline. So the question is how can I create a new pipeline variable? I solved this by creating a small PowerShell script that reads the value from the Directory.Build.props file and uses the task.setvariable macro to create a pipeline variable: More information: Set variables in scripts - Azure Pipelines | Microsoft Learn

Using OWASP Dependency Check in Azure DevOps for Angular applications

The OWASP Dependency-Check tool is a free open-source Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. Yesterday I explained how to integrate the OWASP Dependency Check extension in your build pipeline and use it to scan .NET applications. Today I want to show how to use it for Angular applications. For Angular applications, dependencies can be found in the package.json or package-lock.json. I updated the build task scan path to check for these files: Important: before you run this tool for your Angular application, make sure you have first installed all dependencies using npm install, otherwise the tool will not work. Here is an example HTML output for one of our applications:

Using OWASP Dependency Check in Azure DevOps for .NET applications

The OWASP Dependency-Check tool is a free open-source Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. In this post I’ll show you how to integrate this in your Azure DevOps build pipeline using the OWASP Dependency Check task. After installing the OWASP Dependency Check extension in your Azure DevOps instance, you have a new task available: To use it with a C# project, set the scan path to your csproj folders: In the example above I configured multiple report output formats. Here is the HTML output I got after executing the build: It mentions one vulnerability. And indeed, when I went to the Package Manager view in Visual Studio, I noticed that the used version was flagged: If you want to consume the results inside Azure DevOps, you have the option to output the results

Angular production build error–Index html generation failed

A colleague asked me for help with a specific Angular build error he got. Everything was working fine during development, but when he tried to create a production build using ng build --configuration production --aot it failed with the following error message: Index html generation failed. Let's have a look at the configuration in the angular.json: If we compare this configuration with the development version, the biggest difference between the two is that for production the optimization setting was enabled. Let’s have a look inside the documentation to see what this setting does: This option enables various optimizations of the build output, including: minification of scripts and styles, tree-shaking, dead-code elimination, inlining of critical CSS, fonts inlining. Aha! I could guess where the problem appears. As we had removed the index.html from our Angular project (we are not using the default index.html but have an ASP.NET Core MVC page that is u

How delays are communicated is more important than the delay itself

Last month I had a few unfortunate experiences where deadlines were missed and a lot of extra work was spent on what was perceived as a simple and easy task. Of course it is never fun to miss a deadline and have to spend extra time (and money). But these things happen, it is and remains ‘just’ an estimate. There is always some uncertainty and risk at play. And don’t forget Hofstadter’s law: It always takes longer than you expect, even when you take into account Hofstadter's Law. So that an estimate is wrong doesn’t bother me too much and can be expected. Sidenote: Delays are part of life, if you are a regular user of the Belgian public transport system you should know. What I didn’t like was that no communication was done and I only learned a few weeks later that we would miss our deadline. If the delay was communicated well ahead of time it wouldn’t be a big deal. At that time we could have discussed with business what to do. Could we push the deadline, involve extra

Azure DevOps–Skip CI build when pushing code

I assume today that almost everyone is using the concept of a continuous integration (CI) build. This means that every time a new commit is pushed to the master branch (or feature branch) on the remote origin, the build pipeline is triggered. This allows you to validate whether the code changes compile, the tests succeed, etc… To configure a CI build in Azure DevOps, you only need to specify the applicable branches in your YAML build pipeline: However, there are exceptional cases where you don’t want a new build to be triggered. In Azure DevOps this can be done by adding any of the following comments in the message or description in any of the commits that are part of a push: [skip ci] or [ci skip]; skip-checks: true or skip-checks:true; [skip azurepipelines] or [azurepipelines skip]; [skip azpipelines] or [azpipelines skip]; [skip azp] or [azp skip]; ***NO_CI*** This can be useful if you want to reduce the number of consumed build minutes when using the M

GraphQL–HotChocolate - The object type `Object` has to at least define one field in order to be valid.

A colleague contacted me last week asking for help with a specific HotChocolate issue they got. He shared the code and the error message with me. Here is the error he got: 1. The object type `Object` has to at least define one field in order to be valid. (HotChocolate.Types.ObjectType<System.Object>)       HotChocolate.SchemaException: For more details look at the `Errors` property.       1. The object type `Object` has to at least define one field in order to be valid. (HotChocolate.Types.ObjectType<System.Object>)          at HotChocolate.Configuration.TypeInitializer.Initialize()          at HotChocolate.SchemaBuilder.Setup.InitializeTypes(SchemaBuilder builder, IDescriptorContext context, IReadOnlyList`1 types)          at HotChocolate.SchemaBuilder.Setup.Create(SchemaBuilder builder, LazySchema lazySchema, IDescriptorContext context)          at HotChocolate.SchemaBuilder.Create(IDescriptorContext context)          at HotChocol

GraphQL–HotChocolate–Exclude specific fields when using the code first approach

HotChocolate tries to help you as much as possible by automatically generating the GraphQL schema when using the Code First approach. It will scan through all the types to look for public properties and methods and add them as GraphQL fields to the schema object type. But what if you want to exclude a specific field? Here are 2 possible ways to do this. Ignoring a field: A first option is to ignore specific fields: This is most useful when there is a limited number of fields that need to be excluded. Binding fields explicitly: A second option you have is to disable the automatic scanning for a type and bind all fields explicitly. To do so, call the BindFieldsExplicitly method and then start to add fields manually: More information: Object Types - Hot Chocolate - ChilliCream GraphQL Platform

dotnet pack issue–files without extension

To share components, layout and some general CSS and JavaScript between ASP.NET Core MVC projects, we are using a Razor Class Library. This Razor Class Library is packaged as a NuGet package and uploaded to Azure Artifacts. One of the libraries we share using this approach is Bootstrap. Similar to other open source projects, Bootstrap has an extensionless LICENSE file explaining the exact license agreements. When you package this project using dotnet pack, the extensionless LICENSE file is transformed into a ‘LICENSE’ folder containing the ‘LICENSE’ file: I have no idea why this happens but OK it works…until the moment I added this NuGet package as a dependency to another project. When I try to publish this project (using dotnet publish) it fails with the following error message: Error MSB3025: The source file "C:\Program Files\dotnet\sdk\6.0.101\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Publish.targets(237,5): C:\Users\tfsservice\packages\vlm.sofacore.web.huisstij