Andrew Lock "Sock"

@andrewlock.bsky.social

Microsoft MVP and blogger, focused on ASP.NET Core. Author of ASP.NET Core in Action (https://mng.bz/5mRz) Blog: https://andrewlock.net Mastodon: @andrewlock@hachyderm.io Twitter: @andrewlocknet

2,331 Followers  |  334 Following  |  871 Posts  |  Joined: 12.10.2023  |  2.1701

Latest posts by andrewlock.bsky.social on Bluesky

What I don't really understand is if you're redirecting to somewhere on the same origin, then it should be covered by the CSP and not be violating as far as I can tell... But if your Auth is such that you redirect externally, then I'd expect you to hit the issue?

06.10.2025 11:54 — 👍 0    🔁 0    💬 1    📌 0
Application Security - Strict CSP form-action for login with Auth0 connections I’m trying to increase the security of our application’s CSP and I have run into issues during the login process. Specifically around the use of form-action on the login call. The same issue applies f...

You can see someone having a similar issue with redirects here: community.auth0.com/t/applicatio...

06.10.2025 11:50 — 👍 1    🔁 0    💬 1    📌 0
CSP: form-action and redirects · Issue #8 · w3c/webappsec-csp From @ptoomey3 on September 23, 2015 0:12 I just wanted to open an issue to get your thoughts on form-action with respect to redirects. We have been working on deploying form-action and have run in...

Ah, intriguing! It looks like if you have a redirect from a form submission, you need to have the final location in the CSP too 🤔

github.com/w3c/webappse...

Or put another way, form-action is basically broken in a bunch of scenarios, including PRG pattern🙄

06.10.2025 11:49 — 👍 0    🔁 0    💬 1    📌 0

Interesting, I'm out of the country for a couple of weeks but happy to take a closer look when I'm back if you haven't got to the bottom of it 😬 what's the exact error you're getting? 🤔

03.10.2025 16:34 — 👍 0    🔁 0    💬 1    📌 0

Any more details? I haven't tried it specifically, but you'll need to allow js sources at a minimum. client-side wasm needs wasm-unsafe-eval too. See learn.microsoft.com/en-us/aspnet... and also the section on frame-ancestors

03.10.2025 11:33 — 👍 0    🔁 0    💬 1    📌 0
Publishing NuGet packages from GitHub actions the easy way with Trusted Publishing In this post I describe how you can use nuget.org's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow

Blogged: Publishing NuGet packages from GitHub actions the easy way with Trusted Publishing

andrewlock.net/easily-publi...

In this post I describe how you can use nuget's new Trusted Publishing feature to publish NuGet packages from a GitHub Actions workflow

#dotnet #NuGet #GitHubActions

30.09.2025 12:52 — 👍 7    🔁 1    💬 0    📌 0

Tbh, it's not my area, so you'll probably be better off raising a ticket with support 🙂 Not trying to fob you off, just might be quicker for you! 😄

25.09.2025 16:58 — 👍 0    🔁 0    💬 1    📌 0

I think the main thing you're missing is setting the resources like service.name, deployment.environment.name and service.version using the resource builder, though I can't find any good guidance for you to follow unfortunately

25.09.2025 16:50 — 👍 0    🔁 0    💬 1    📌 0
Datadog OTLP Metrics Intake Endpoint Datadog, the leading service for cloud-scale monitoring.

Nothing stands out tbh, RE the metrics, this is the docs logs for the metrics OTLP endpoint, (we're missing a .NET atm) docs.datadoghq.com/opentelemetr...

but the agentless page also says this:

> The Datadog OTLP intake endpoint is in Preview. To request access, contact your account representative

25.09.2025 16:47 — 👍 0    🔁 0    💬 2    📌 0

I'm still not quite sure if you want to use the .NET Datadog auto-instrumentation or Datadog.Trace package, or if you want to use pure OTel? This sample shows using the standard `AddOpenTelemetry()` APIs with auto-instrumentation, sending to a Datadog agent: github.com/DataDog/dd-t...

24.09.2025 20:53 — 👍 0    🔁 0    💬 3    📌 0
sleep-pc: a .NET Native AOT tool to make Windows sleep after a timeout In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires

Blogged: sleep-pc: a .NET Native AOT tool to make Windows sleep after a timeout

andrewlock.net/sleep-pc-a-d...

In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires

#dotnet

23.09.2025 17:06 — 👍 12    🔁 3    💬 0    📌 0

Hey, I don't have any articles about it, but just to check - how are you configuring "native OTEL"? If it's just using the "standard" Otel packages (i.e. nothing Datadog specific, no Datadog.Trace etc) then you should just be able to point the exporter at the Datadog OTEL collector endpoint

22.09.2025 20:21 — 👍 0    🔁 0    💬 1    📌 0

As requested, I published an article about how the UI profiler works: minidump.net/measuring-ui...
It allows me to measure the responsiveness of Visual Studio when running with ReSharper, in various conditions.

I also made the source code available on github: github.com/kevingosse/U...

18.09.2025 12:54 — 👍 15    🔁 7    💬 1    📌 0
.NET STS releases supported for 24 months - .NET Blog .NET STS releases will be supported for 24 months

.NET STS releases are now supported for 2 years instead of 18 months starting with .NET 9 (the current STS). STS releases now go out-of-support on the same day as the previous LTS release. Upgrading to an STS release will no longer cause you to lose support!
devblogs.microsoft.com/dotnet/dotne...

16.09.2025 17:56 — 👍 79    🔁 36    💬 8    📌 6
Supporting platform-specific .NET tools on old .NET SDKs: Exploring the .NET 10 preview - Part 8 In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET tool feature added in .NET 10, and how to support old SDKs

Supporting platform-specific .NET 10 tools on old .NET SDKs
Exploring the .NET 10 preview - Part 8

andrewlock.net/exploring-do...

In this post I look at the advantages, trade-offs, and implications of the new platform-specific .NET tool feature added in .NET 10 and how to support old SDKs

#dotnet

16.09.2025 18:00 — 👍 1    🔁 1    💬 0    📌 0
Packaging self-contained and native AOT .NET tools for NuGet: Exploring the .NET 10 preview - Part 7 In this post we look at the new support for platform-specific .NET tools, so that you can pack your tools as self-contained or Native AOT packages

Blogged: Packaging self-contained and native AOT .NET tools for NuGet - Exploring the .NET 10 preview - Part 7

andrewlock.net/exploring-do...

This post looks at the new support for platform-specific .NET tools that lets you pack tools as self-contained or Native AOT packages

#dotnet

09.09.2025 17:45 — 👍 9    🔁 1    💬 0    📌 0

If you're using github.com/VerifyTests/..., e.g. to protect your library's public API, also check out plugins.jetbrains.com/plugin/17240... created by Mathias Koch.

06.09.2025 13:02 — 👍 4    🔁 2    💬 0    📌 0

Great post! Something I think missed (because it is not correctly documented😀) is `dotnet tool install --allow-roll-forward`. You can use this when installing a tool to force it to allow roll forward, even if the tool itself doesn't.

Unfortunately I can't recall which SDK introduced it.

02.09.2025 19:36 — 👍 2    🔁 2    💬 1    📌 0

Agreed, I'm fairly sure that _is_ supported in general, and I've certainly used it in the past. I should have put it in the post 👍

The main 'problem' from my PoV is that this puts the onus on the consumer of the tool to _know_ that it's available, though it's also arguably 'better' 😀

02.09.2025 20:55 — 👍 0    🔁 0    💬 1    📌 0
Using and authoring .NET tools In this post I describe some of the complexities around authoring .NET tools, specifically around supporting multiple .NET runtimes and testing in CI

Blogged: Using and authoring .NET tools

andrewlock.net/using-and-au...

In this post I describe some of the complexities around authoring .NET tools, specifically around supporting multiple .NET runtimes and testing in CI

#dotnet

02.09.2025 17:52 — 👍 10    🔁 5    💬 1    📌 0
Fixing an old .NET Core native library loading issue on Alpine In this post I walk through the process of solving a native library loading issue on alpine with an old .NET runtime, showing the steps we took and the solution

Blogged: Fixing an old .NET Core native library loading issue on Alpine

andrewlock.net/fixing-an-ol...

In this post I walk through the process of solving a native library loading issue on alpine with an old .NET runtime, showing the steps we took and the solution

#dotnet

26.08.2025 17:41 — 👍 13    🔁 4    💬 1    📌 0

It'll obviously become increasingly important as more libraries and Frameworks support it though, so it's nice to have a test framework that can actually support those scenarios!

20.08.2025 20:24 — 👍 2    🔁 0    💬 0    📌 0

Yeah that's fair, I guess I still consider AOT in general to mostly be a party trick for the majority of companies, hence my bias there

20.08.2025 20:23 — 👍 0    🔁 0    💬 1    📌 0

Running .NET in the browser without Blazor by @andrewlock.bsky.social andrewlock.net/running-dotn... #aspnetcore #blazor

19.08.2025 08:44 — 👍 2    🔁 1    💬 0    📌 0
Converting an xUnit test project to TUnit In this post I discuss the new TUnit testing framework, why I ported one of my libraries to use it instead of xUnit and related issues I had to deal with

Blogged: Converting an xUnit test project to TUnit

andrewlock.net/converting-a...

In this post I discuss the new TUnit testing framework, why I ported one of my libraries to use it instead of xUnit and related issues I had to deal with

#dotnet #testing

19.08.2025 18:00 — 👍 19    🔁 7    💬 2    📌 0
Reset Cookies and force new sign-in using ASP.NET Core Identity This post looks at implementing a cookie reset in an ASP.NET Core application using Duende identity server which federates to Entra ID. Sometimes cookies need to be reset for end users due to size …

Blogged: Reset Cookies and force new sign-in using ASP.NET Core Identity

damienbod.com/2025/08/18/r...

#aspnetcore #identity #iam #cookie #duende #dotnet #net

18.08.2025 05:18 — 👍 4    🔁 3    💬 0    📌 0

Redid the way my content engine handled file watchers thanks to this post ( and @maartenballiauw.be, @woodruff.dev , @khalidabuhakmeh.mastodon.social.ap.brid.gy on @breakpoint.show ). Took the drifter example and tweaked it so that the lifetime of the object is determined by a file watcher.

14.08.2025 04:15 — 👍 3    🔁 2    💬 1    📌 0
Passkey support for ASP.NET Core identity: Exploring the .NET 10 preview - Part 6 In this post I look at the passkey support added to ASP.NET Core Identity and the Blazor Web App template, explore how it works, and look at the implementation

Andrew Lock explains that .NET 10 preview 6 adds passkey support to ASP.NET Core Identity, enabling passwordless login with WebAuthn in the new Blazor template. via andrewlocknet https://andrewlock.net/exploring-dotnet-10-preview-features-6-passkey-support-for-aspnetcore-identity/

13.08.2025 03:04 — 👍 4    🔁 1    💬 0    📌 0
Running .NET in the browser without Blazor In this post I show how to run .NET in your browser without using Blazor, and instead rely on lower-level abstractions provided by [JSImport] and [JSExport]

Blogged: Running .NET in the browser without Blazor

andrewlock.net/running-dotn...

In this post I show how to run .NET in your browser without using Blazor, and instead rely on lower-level abstractions provided by [JSImport] and [JSExport]

#dotnet #aspnetcore #wasm #webassembly

12.08.2025 16:04 — 👍 18    🔁 5    💬 0    📌 0
A screenshot of "dotnet make" in action


A while back, I created "dotnet make" which will invoke your favourite build tool (cake, fake, make, nuke, csproj, fsproj, proj, sln) by convention, regardless of the current working directory in the repository.

github.com/patriksvenss...

05.08.2025 23:25 — 👍 26    🔁 11    💬 2    📌 0
