When a template user selects the checkbox to include the KVP UserProperties component, the template should wire up the corresponding Json config file in which they are declared.
Something like:

Host.CreateDefaultBuilder(args) .ConfigureAppConfiguration((builderContext, config) => { config.AddJsonFile("app-userproperties.json", optional: true, reloadOnChange: true); })

We're getting UI breakage if we allow the carat-ed version of Bootstrap stated in the package,json to auto-update to 5.2.x
So fix it back to 5.1.x for now, since the UI is fully tested at that. Remove carat.

Also remove the gulp build dependency on deprecated node-sass and replace this with a reference to dart sass.

Hi Joe, today I noticed that a fontawesome icon wasn't resolving and just giving me a blank square. It was this one:

<span class="fas fa-hammer fa-3x"></span>

I checked the font awesome SCSS version we use in CS from the package.json @fortawesome/fontawesome-free": "5.6.3" and package in the node_modules folder and this icon should be present in this version.

If you spin up a new vanilla cloudscribe site from the CS project template (v1.71), it appears we've got out of date fontawesome font files in the folder wwwroot/webfonts.

Steps to check

1. Spin up a new vanilla cloudscribe site from project template
2. Open the directory wwwroot/webfonts file explorer.
3. Open the directory /node_modules/@fortawesome/fontawesome-free/webfonts

You'll notice that the files sizes are quite different, I guess the one in 'wwwroot/webfonts' have been baked into the template and are now stale.

Might be an idea to get Gulp to copy the source font files from the fontawesome node modules directory to the wwwroot directory this way they would always be up to date, even when you update fontawesome versions

I think this is a routing issue: \s2\closed is a 404
Site rules middleware then seems to get itself into an infinite redirect loop, and you never get to see the intended message.

cloudscribe/cloudscribe.UserProperties.Kvp#46

Inference of routes in a tenant site by helpers like @Url.Action("Index", "Forum") fails to know that 'Index' is the default action and so returns /s2/forum/index which is problematic for various inferred API calls.

Can be resolved by moving routing registration line up:
routes.AddForumRoutes(new cloudscribe.Core.Web.Components.SiteFolderRouteConstraint());
to above the block
if (useFolders) {
but that requires testing for unintended consequences.

https://github.com/exeGesIS-SDM/cloudscribe.TalkAbout/issues/17

I found that style brand-header has 100px height and it is not possible to remove it with any option.
.brand-header { height: 100px; }
and there is following div
<div class="fixed-top container-fluid brand-header bg-white">

Is it intentional?

Migrating this discussion from an email received from Mitch Howard.

Notes from Mitch Howard

Hi, Joe. Just a quick FWIW: When I've been deploying various Azure sites recently, I've been using NWebSec middleware

https://docs.nwebsec.com/en/latest/

https://www.dotnetnoob.com/2012/09/security-through-http-response-headers.html

to manage headers related to security such as: X-Frame-Options Strict-Transport-Security X-Content-Type-Options X-Download-Options X-XSS-Protection X-Content-Security-Policy / X-Content-Security-Policy-Report-Only Some headers are newer and still in beta, but others are well-established.

I've been using https://securityheaders.com/ to grade the sites after implementation. Since I know you to be very security-minded, I thought you might be interested in incorporating these into the stock Cloudscribe code.

For NWebSec, one only has to load the nuGet package and add a few lines of code in Configure().

If you prefer the Cloudscribe components to be entirely yours, rolling your own middleware to accomplish what you need isn't too complicated either.

For a test instance of Cloudscribe Core, I used this code:

if (env.IsDevelopment()) 
{ 
    app.UseDeveloperExceptionPage(); 
    app.UseDatabaseErrorPage(); 
} 
else
 { 
    app.UseExceptionHandler("/oops/error"); 
    // Commented out delivered 3 lines 
    //if (_sslIsAvailable) 
   { // app.UseHsts(); //} }
 if (_sslIsAvailable) 
 { 
    #region NWebsec Security Headers Middleware extensions 
     // See: https://docs.nwebsec.com/en/latest/nwebsec/Configuring-csp.html# 
     // and https://damienbod.com/2018/02/08/adding-http-headers-to-improve-security-in-an-asp-net-mvc-core-application/ 

     app.UseHsts(hsts => hsts.MaxAge(SecHdrOptions.HstsDays)); 
     app.UseRedirectValidation(options => options.AllowSameHostRedirectsToHttps()); 
     app.UseXContentTypeOptions(); 
     app.UseReferrerPolicy(opts => opts.NoReferrer()); 
     app.UseXXssProtection(options => options.EnabledWithBlockMode()); 
    app.UseXfo(xfo => xfo.SameOrigin()); 
    app.UseCsp(opts => opts 
    .BlockAllMixedContent() 
     .StyleSources(s => s.Self()
           .UnsafeInline()
        .CustomSources(SecHdrOptions.WhitelistStyles)) 
   .FontSources(s => s.Self()
          .CustomSources(SecHdrOptions.WhitelistFonts)) 
   .FormActions(s => s.Self()) 
   .FrameAncestors(s => s.Self()) 
   .ImageSources(s => s.Self().CustomSources(SecHdrOptions.WhitelistImages)) 
   .ScriptSources(s => s.Self()
        .UnsafeInline()
        .UnsafeEval()
        .CustomSources(SecHdrOptions.WhitelistScripts)) ); 
 #endregion 

and this static class:

public static class SecHdrOptions 
{ 
    public const int HstsDays = 180; 
    // Whitelists for NWebsec Middleware 
   public static readonly string[] WhitelistScripts = new string[] 
   { 
         "https://google.com", 
         "https://ajax.googleapis.com", 
          "https://www.google-analytics.com", 
          "https://www.gstatic.com", 
          "https://cdnjs.cloudflare.com", 
           "https://www.google.com/recaptcha/" 
   }; 

    public static readonly string[] WhitelistImages = new string[] 
    { 
         "https://cloudscribe.com", 
         "https://google.com", 
         "https://ajax.googleapis.com",
         "https://www.google-analytics.com",
         "data:", 
        "https://www.gstatic.com", 
        "https://cdnjs.cloudflare.com",
         "https://secure.gravatar.com"
     }; 

    public static readonly string[] WhitelistFonts = new string[] 
    { 
         "https://fonts.googleapis.com",
          "https://fonts.gstatic.com" 
     }; 

    public static readonly string[] WhitelistStyles = new string[] 
    { 
        "https://google.com", 
        "https://fonts.googleapis.com", 
        "https://ajax.googleapis.com",
         "https://www.gstatic.com",
         "https://cdnjs.cloudflare.com" }; 
  } 

The whitelists could be kept in config files or the database. I hope this was helpful.

Placeholder json config setting and insert partial view into _Layouts for all themes

I didn't see any cloudscribe Templates add-in when searching in Visual Studio for Mac 2019. Is that coming soon? Need help with that?

https://docs.microsoft.com/en-us/visualstudio/mac/extending-visual-studio-mac-walkthrough?view=vsmac-2019

http://addins.monodevelop.com/

In appsettings.json and appsetting.Development.json in a new cloudscribe project from the template, where Postgres is the selected EF storage option, add the following options to the example connection string:

Pooling=true;Minimum Pool Size=0;Maximum Pool Size=20;

This will enable connection pooling and sharing and reuse for Postgres database connections.

When running npm install on a new project it errors, with the following.

    "gulp": "4.0.2",
    "gulp-cli": "2.3.0",
    "gulp-concat": "2.6.1",
    "gulp-connect": "5.7.0",
    "gulp-cssmin": "0.2.0",
    "gulp-sass": "4.1.0",
    "gulp-sourcemaps": "3.0.0",
    "gulp-uglify": "3.0.2",
    "merge-stream": "2.0.0",

Bumping the gulp-sass to 4.1.0 fixes this issue, but perhaps we need to look at updating all the required packages to the latest?

When user selects the option for the newsletter component, at present nothing is delivered to help them realise that there is a "sign up" view component.

Simplest starting solution is to deliver them a view override of PageBottomPartial that includes the component to be rendered on home page routes only... although that's a bit crude we can then document how to get rid of it again or place it elsewhere.

As in the title 3.1 is the long term support release and 3.0 is at the end of its support life. We should update the template to create apps that use 3.1.

It would be great if the generated project contains a .gitignore with following content
dp_keys/
wwwroot/dist

Collation of template changes to support moving up to BS5 (many issues apply across all of the cs repositories)

Hey up Joe. Using latest VS template 1.73. In this template we're using the latest bootstrap version 4.3.1, the CSS is getting built by the gulp task.

The Bootstrap JS is at the wrong version v4.1.2, in these places in the template:

• Root wwwroot bootstrap bootstrap.js
• Site bootstrap bundles bootstrap.bundle.js
• The all theme bootstrap JS bundles e.g Lux theme bootstrap.bundle.js

Might be worth having a gulp task to copy these from the nodemodules folder?

Hi Joe,

The commit to fix #39 has broken font-awesome in some of the themes of projects created from the template version 1.72.

It appears that the new fontawesome-all.css file does not change the font family for .fa, .far, and .fas css classes, so all of the characters show as empty boxes.

Steps to reproduce:

1. Create a new cloudscribe project using the template
2. Set the site theme to 'default' through the administration panel
3. Font-awesome icons across the site (including the admin menu icons) will appear as white boxes

Most of the shared themes contain a copy of the old fontawesome-all.css file and font files and are therefore unaffected by this bug. However, I believe they won't be affected by the fix from issue #39 either.

Thanks

Useful for developers creating a new cloudscribe module, or for upgrading an existing one. Add the ability to create a cloudscribe project that has all of the database engines available, but the one that is used is defined in appsettings.json. This is very much like the web app that the main cloudscribe core project uses, and allows the development of database migrations and code that can support all of the database providers - NoDb, SQLite, MSSQL, MySQL and PgSql.

Collation of various template changes awaiting implementation as part of more wide-ranging CS upgrade

I'm not sure if this is a problem but after executing following commands:
dotnet new -i "cloudscribe.templates::*"
dotnet new cloudscribe -D NoDb -S a -L true
file launchSettings.json contains following:
"Bloglication1": {
"commandName": "Project",
"launchBrowser": true,
"applicationUrl": "https://localhost:5001;http://localhost:5000",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}

in previous version it creates following in same place:
"Blog": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"applicationUrl": "http://localhost:40258/"
},
"Blog Production": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Production"
},
"applicationUrl": "http://localhost:40258/"
}

Hey Joe, using you awesome templates! And noticed the float images could be improved a little.

When we have a float image section, if the image is alittle small the text isn't wrapping around the image and we're getting a lot of white space.

I had a quick look at the CSS and we have a CSS class 'simple-side-image' which sets the image width to 690px.

I think a better class would just be to replace the 'simple-side-image' class with something like 'col-8' or 'col-7' and bootstrap css can resize. Also because I have some small images I'm stretching them w-100 class additionally on the img class like this .

<img class="image-responsive w-100" src="/media/images/barn-conversion-interior-2.jpg">

I checked old version and it looks like utf-16 but new one looks like utf-8 to me. Not sure if this is important

In my application all my tenants using the same theme. I put this in appsettings.json:
"UserPerSiteThemes": "false", "UseSharedThemes": "true"
and I decided to delete sitefiles directory. Main reason to delete that I will not use it and I have to ignore it every time during synchronization etc.

But in this case site fails with System.IO.DirectoryNotFoundException: 'C:\Projects\Blog\New\Blog\sitefiles\s1\themes\custom1\wwwroot\' and not rendering at all.

Steps to reproduce. Create new site using this:
dotnet new cloudscribe -D NoDb -S a -L true

move custom1 theme from sitefiles\s1\themes to SharedThemes, delete/rename sitefiles directory and apply changes to appsettings.json:
"UserPerSiteThemes": "false", "UseSharedThemes": "true"
and run app. You will see .Net Core screen of death.

I understand that this is low priority but I spent few hours trying to understand why it doesn't work because I knew that sitefiles directory not suppose to be used all.

I'm not sure perhaps I did something wrong but if I execute following commands:
dotnet new -i "cloudscribe.templates::*"
dotnet new cloudscribe -D NoDb -S a -L true
dotnet restore

then I got following errors:
error NU1605: Detected package downgrade: Microsoft.EntityFrameworkCore.Tools from 2.1.1 to 2.1.0. Reference the package directly from the project to select a different version.

error NU1605: Blog -> Microsoft.AspNetCore.App 2.1.1 -> Microsoft.EntityFrameworkCore.Tools (>= 2.1.1 && < 2.2.0)

error NU1605: Blog -> Microsoft.EntityFrameworkCore.Tools (>= 2.1.0)

The navigation.xml shipped with these choices includes this for the SimpleContent Pages:

       <NavNode key="Pages"
            url="/p"
            text="Articles"
            componentVisibility=""
            treeBuilderName="cloudscribe.SimpleContent.Services.PagesNavigationTreeBuilder"
            treeBuilderAppendToBuilderNode="true">
        <Children />
        </NavNode>

So if we create a second site, the Articles menu item navigates to the page in the first tenant.
One way to resolve this is to create a navigation.{guid}.xml for the second site (as per https://www.cloudscribe.com/different-menu-items-per-tenant ) and alter the url attribute to this:
url="/t1/p"
where t1 is the foldername I gave the tenant.
But this feels hard going for someone using cloudscribe for the first time, and they will probably think it's broken.
Can we do better? Maybe instead of the url attribute can we name a controller?

options.MinimumSameSitePolicy = SameSiteMode.None;
is probably inappropriate

Need Lax or Strict?

If SimpleContent is enabled via the template options, then add the admin menu option for content cloning.

Things are not quite right in EnsureDataStorageIsReady method when using the 'AllStorage' database option which allows developers to create a project where the database type selection is done in config.

With "Pages and Blog with Home Controller as default route" the site title hyperlink goes to the "Pages" root instead of the site default page. It should link to the site default page.
The link is made by this:
<partial name="CmsSiteTitlePartial" model="@Tenant" />
I'm not sure where the mistake is, so logging this against the VS template for now.

Need to create a readme.html file and configure it to open upon project creation to provide useful information such as the default login credentials, how to configure things etc.