Material-Blazor · simonziegler · May 4, 2026 · May 4, 2026 · May 4, 2026 · May 4, 2026
diff --git a/.editorconfig b/.editorconfig
@@ -53,7 +53,7 @@ dotnet_naming_style.pascal_case.capitalization = pascal_case
 dotnet_style_operator_placement_when_wrapping = beginning_of_line
 tab_width = 4
 indent_size = 4
-end_of_line = crlf
+end_of_line = lf
 dotnet_style_coalesce_expression = true:suggestion
 dotnet_style_null_propagation = true:suggestion
 dotnet_style_prefer_is_null_check_over_reference_equality_method = true:suggestion

diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
@@ -0,0 +1,35 @@
+# HttpSecurity.AspNet — AI Development Guide
+
+> Open-source ASP.NET class library for HTTP security headers and Content Security Policy
+
+---
+
+## Quick Reference
+
+| Item             | Value                                              |
+| :--------------- | :------------------------------------------------- |
+| **Framework**    | .NET 8.0 (`net8.0`) — runs on .NET 8, 9, 10       |
+| **Build**        | `dotnet build HttpSecurity.AspNet.slnx`            |
+| **Pack**         | `dotnet pack HttpSecurity.AspNet/HttpSecurity.AspNet.csproj` |
+| **Source gen**   | `SourceGenerator/` targets `netstandard2.0`        |
+
+---
+
+## Project Architecture
+
+| Project                  | Purpose                                            | TFM               |
+| :----------------------- | :------------------------------------------------- | :---------------- |
+| **HttpSecurity.AspNet**  | Library: CSP, headers, SRI hash generation         | `net8.0`          |
+| **SourceGenerator**      | Roslyn source generator for hash computation       | `netstandard2.0`  |
+| **HttpSecurity.Example** | Example Blazor Server app                          | `net8.0`          |
+
+---
+
+## C# Standards
+
+- `ImplicitUsings=enable`, `Nullable=enable`
+- Interfaces: `I` prefix
+- Types, properties, methods: PascalCase
+- File-scoped namespaces
+- Expression-bodied members where appropriate
+- Null-coalescing (`??`) and null-propagation (`?.`) preferred
diff --git a/.github/workflows/GithubActionsRelease.yml b/.github/workflows/GithubActionsRelease.yml
@@ -11,88 +11,86 @@
 on:
   push:
     tags:
-      - '*' # Push events to matching *, i.e. 1.0, 20.15.10
+      - "*" # Push events to matching *, i.e. 1.0, 20.15.10
 
 env:
-  buildPlatform: 'Any CPU'
-  buildConfiguration: 'Release'
+  buildPlatform: "Any CPU"
+  buildConfiguration: "Release"
   outputCSFB: ${{github.workspace}}\siteCSFB
-  projectCSFB: 'HttpSecurity.AspNet/HttpSecurity.AspNet.csproj'
-
-jobs:
+  projectCSFB: "HttpSecurity.AspNet/HttpSecurity.AspNet.csproj"
 
-############################################################################################################
-# These jobs are used to gate actions. By creating these jobs we don't need to proliferate the repo checks
-############################################################################################################
+jobs:
+  ############################################################################################################
+  # These jobs are used to gate actions. By creating these jobs we don't need to proliferate the repo checks
+  ############################################################################################################
   is-on-fork:
     name: Running on a fork?
     runs-on: ubuntu-latest
     if: github.repository != 'Material-Blazor/HttpSecurity.AspNet'
     steps:
-    - name: Nothing to see here
-      run: echo ""
+      - name: Nothing to see here
+        run: echo ""
 
   is-on-material-blazor:
     name: Running on Material-Blazor/HttpSecurity.AspNet?
     runs-on: ubuntu-latest
     if: github.repository == 'Material-Blazor/HttpSecurity.AspNet'
     steps:
-    - name: Nothing to see here
-      run: echo ""
+      - name: Nothing to see here
+        run: echo ""
 
-############################################################################################################
-# Build package and deploy
-############################################################################################################
+  ############################################################################################################
+  # Build package and deploy
+  ############################################################################################################
   build-and-deploy-package:
     name: Build nuget package & deploy to nuget
     needs: [is-on-material-blazor]
 
     runs-on: windows-latest
 
     steps:
-    - name: Get the version
-      run: echo "version=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
-      shell: bash
-
-    - name: Checkout repository under $GITHUB_WORKSPACE so the job can access it 🛎️
-      uses: actions/checkout@v4
-      with:
-        persist-credentials: false
+      - name: Get the version
+        run: echo "version=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
+        shell: bash
 
-    - name: Use dotnet
-      uses: actions/setup-dotnet@v3
-      with:
-        dotnet-version: '8.x'
+      - name: Checkout repository under $GITHUB_WORKSPACE so the job can access it 🛎️
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
 
-    - name: Build HttpSecurity.AspNet 🔧
-      run: dotnet build ${{env.projectCSFB}} --configuration ${{env.buildConfiguration}} -p:Version=${{env.version}}
+      - name: Use dotnet
+        uses: actions/setup-dotnet@v5
+        with:
+          dotnet-version: "10.x"
 
-    - name: Generate the NuGet package 🔧
-      run: dotnet pack ${{env.projectCSFB}} --no-build --configuration ${{env.buildConfiguration}} --output ${{env.outputCSFB}} -p:IncludeSymbols=true -p:SymbolPackageFormat=snupkg -p:Version=${{env.version}}
+      - name: Build HttpSecurity.AspNet 🔧
+        run: dotnet build ${{env.projectCSFB}} --configuration ${{env.buildConfiguration}} -p:Version=${{env.version}}
 
-    - name: Display HttpSecurity.AspNet package output Ꙫ
-      run: dir ${{env.outputCSFB}}
+      - name: Generate the NuGet package 🔧
+        run: dotnet pack ${{env.projectCSFB}} --no-build --configuration ${{env.buildConfiguration}} --output ${{env.outputCSFB}} -p:IncludeSymbols=true -p:SymbolPackageFormat=snupkg -p:Version=${{env.version}}
 
-    - name: Upload Package 🚀
-      run: dotnet nuget push ${{env.outputCSFB}}\*.nupkg -k ${{secrets.NUGET_API_KEY}} -s https://api.nuget.org/v3/index.json
+      - name: Display HttpSecurity.AspNet package output Ꙫ
+        run: dir ${{env.outputCSFB}}
 
+      - name: Upload Package 🚀
+        run: dotnet nuget push ${{env.outputCSFB}}\*.nupkg -k ${{secrets.NUGET_API_KEY}} -s https://api.nuget.org/v3/index.json
 
-############################################################################################################
-# Create release
-############################################################################################################
+  ############################################################################################################
+  # Create release
+  ############################################################################################################
   create-release:
     name: Create release
     needs: [build-and-deploy-package, is-on-material-blazor]
 
     runs-on: ubuntu-latest
 
     steps:
-    - name: Get the version
-      run: echo "version=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
-      shell: bash
-
-    - name: Create Release
-      uses: ncipollo/release-action@v1
-      with:
-        name: Release ${{env.version}}
-        tag:  ${{env.version}}
+      - name: Get the version
+        run: echo "version=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
+        shell: bash
+
+      - name: Create Release
+        uses: ncipollo/release-action@v1.21.0
+        with:
+          name: Release ${{env.version}}
+          tag: ${{env.version}}
diff --git a/.github/workflows/GithubActionsWIP.yml b/.github/workflows/GithubActionsWIP.yml
@@ -3,67 +3,66 @@
 on:
   push:
     branches:
-      - 'main'
+      - "main"
 
   pull_request:
     branches:
-      - 'main'
+      - "main"
 
 env:
-  buildPlatform: 'Any CPU'
-  buildConfiguration: 'Release'
+  buildPlatform: "Any CPU"
+  buildConfiguration: "Release"
   outputCSFB: ${{github.workspace}}/siteCSFB
-  projectCSFB: 'HttpSecurity.AspNet/HttpSecurity.AspNet.csproj'
+  projectCSFB: "HttpSecurity.AspNet/HttpSecurity.AspNet.csproj"
 
 jobs:
-
-############################################################################################################
-# These jobs are used to gate actions. By creating these jobs we don't need to proliferate the repo checks
-############################################################################################################
+  ############################################################################################################
+  # These jobs are used to gate actions. By creating these jobs we don't need to proliferate the repo checks
+  ############################################################################################################
   is-on-fork:
     name: Running on a fork?
     runs-on: ubuntu-latest
     if: github.repository != 'Material-Blazor/HttpSecurity.AspNet'
     steps:
-    - name: Nothing to see here
-      run: echo ""
+      - name: Nothing to see here
+        run: echo ""
 
   is-on-material-blazor:
     name: Running on Material-Blazor/HttpSecurity.AspNet?
     runs-on: ubuntu-latest
     if: github.repository == 'Material-Blazor/HttpSecurity.AspNet'
     steps:
-    - name: Nothing to see here
-      run: echo ""
+      - name: Nothing to see here
+        run: echo ""
 
-############################################################################################################
-# Build nuget package
-############################################################################################################
+  ############################################################################################################
+  # Build nuget package
+  ############################################################################################################
   build-package:
     name: Build nuget package
 
     runs-on: windows-latest
 
     steps:
-    - name: Set ciSuffix as env variable
-      run: echo "ciSuffix=ci.$(date +'%Y-%m-%d--%H%M')" >> $GITHUB_ENV
-      shell: bash
+      - name: Set ciSuffix as env variable
+        run: echo "ciSuffix=ci.$(date +'%Y-%m-%d--%H%M')" >> $GITHUB_ENV
+        shell: bash
 
-    - name: Checkout repository under $GITHUB_WORKSPACE so the job can access it 🛎️
-      uses: actions/checkout@v4
-      with:
-        persist-credentials: false
+      - name: Checkout repository under $GITHUB_WORKSPACE so the job can access it 🛎️
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
 
-    - name: Use dotnet
-      uses: actions/setup-dotnet@v3
-      with:
-        dotnet-version: '8.x'
+      - name: Use dotnet
+        uses: actions/setup-dotnet@v5
+        with:
+          dotnet-version: "10.x"
 
-    - name: Build HttpSecurity.AspNet 🔧
-      run: dotnet build ${{env.projectCSFB}} --configuration ${{env.buildConfiguration}} --version-suffix ${{env.ciSuffix}}
+      - name: Build HttpSecurity.AspNet 🔧
+        run: dotnet build ${{env.projectCSFB}} --configuration ${{env.buildConfiguration}} --version-suffix ${{env.ciSuffix}}
 
-    - name: Generate the NuGet package 🔧
-      run: dotnet pack ${{env.projectCSFB}} --no-build --configuration ${{env.buildConfiguration}} --output ${{env.outputCSFB}} -p:IncludeSymbols=true -p:SymbolPackageFormat=snupkg -p:Version=1.0.0-${{env.ciSuffix}}
+      - name: Generate the NuGet package 🔧
+        run: dotnet pack ${{env.projectCSFB}} --no-build --configuration ${{env.buildConfiguration}} --output ${{env.outputCSFB}} -p:IncludeSymbols=true -p:SymbolPackageFormat=snupkg -p:Version=1.0.0-${{env.ciSuffix}}
 
-    - name: Display HttpSecurity.AspNet package output Ꙫ
-      run: dir ${{env.outputCSFB}}
+      - name: Display HttpSecurity.AspNet package output Ꙫ
+        run: dir ${{env.outputCSFB}}
diff --git a/.markdownlint.json b/.markdownlint.json
@@ -0,0 +1,10 @@
+{
+  "MD013": {
+    "line_length": 180,
+    "code_blocks": false,
+    "tables": false
+  },
+  "MD024": false,
+  "MD033": false,
+  "MD041": false
+}
diff --git a/.prettierrc.json b/.prettierrc.json
@@ -0,0 +1,18 @@
+{
+  "endOfLine": "lf",
+  "tabWidth": 2,
+  "useTabs": false,
+  "singleQuote": false,
+  "proseWrap": "preserve",
+  "printWidth": 240,
+  "overrides": [
+    {
+      "files": "*.md",
+      "options": {
+        "parser": "markdown",
+        "printWidth": 180,
+        "proseWrap": "always"
+      }
+    }
+  ]
+}
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
@@ -0,0 +1,12 @@
+{
+  "recommendations": [
+    "EditorConfig.EditorConfig",
+    "esbenp.prettier-vscode",
+    "DavidAnson.vscode-markdownlint",
+    "bierner.markdown-mermaid",
+    "GitHub.copilot-chat",
+    "ms-dotnettools.csdevkit",
+    "ms-dotnettools.csharp",
+    "ms-dotnettools.vscode-dotnet-runtime"
+  ]
+}
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -0,0 +1,26 @@
+{
+  // Use IntelliSense to learn about possible attributes.
+  // Hover to view descriptions of existing attributes.
+  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "HttpSecurity.Example",
+      "type": "coreclr",
+      "request": "launch",
+      "preLaunchTask": "build HttpSecurity.Example",
+      "program": "${workspaceFolder}/.artifacts/bin/HttpSecurity.Example/debug/HttpSecurity.Example.dll",
+      "cwd": "${workspaceFolder}/HttpSecurity.Example",
+      "stopAtEntry": false,
+      "justMyCode": true,
+      "env": {
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "ASPNETCORE_URLS": "https://localhost:50083"
+      },
+      "serverReadyAction": {
+        "action": "openExternally",
+        "pattern": "\\bNow listening on:\\s+(https?://\\S+)"
+      }
+    }
+  ]
+}
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,30 @@
+{
+  "extensions.experimental.affinity": {
+    "GitHub.copilot": 1,
+    "GitHub.copilot-chat": 1
+  },
+  "github.copilot.editor.enableAutoCompletions": true,
+  "files.exclude": {
+    "**/node_modules": true,
+    "**/bin": true,
+    "**/obj": true,
+    "**/.git": true,
+    "**/.artifacts": true
+  },
+  "search.exclude": {
+    "**/node_modules": true,
+    "**/bin": true,
+    "**/obj": true,
+    "**/.artifacts": true
+  },
+  "editor.formatOnSave": true,
+  "[markdown]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode",
+    "editor.formatOnSave": true,
+    "editor.wordWrap": "wordWrapColumn",
+    "editor.wordWrapColumn": 180
+  },
+  "files.associations": {
+    "appsettings*.json": "jsonc"
+  }
+}
diff --git a/.vscode/tasks.json b/.vscode/tasks.json
@@ -0,0 +1,18 @@
+{
+  "version": "2.0.0",
+  "tasks": [
+    {
+      "label": "build HttpSecurity.Example",
+      "type": "shell",
+      "command": "dotnet",
+      "args": ["build", "--project", "${workspaceFolder}/HttpSecurity.Example/HttpSecurity.Example.csproj"],
+      "presentation": {
+        "reveal": "silent",
+        "panel": "dedicated",
+        "clear": false
+      },
+      "problemMatcher": "$msCompile",
+      "group": "build"
+    }
+  ]
+}