StaticFilesOptions Default { get; }
Source
Gets a default instance of StaticFilesOptions with default configuration settings.
Provides a base implementation for a web-based AppSurfaceStartup{TModule} that handles MVC, CORS, and static file configuration based on registered IAppSurfaceWebModule instances.
TModuleThe root IAppSurfaceWebModule for the application.WebStartup<TModule> WithOptions(Action<WebOptions>? configureOptions = null)
Source
Registers an optional callback to customize WebOptions and enables fluent chaining.
configureOptionsAn optional action invoked later when WebOptions are built to modify configuration.The same WebStartup{TModule} instance to support fluent configuration.
Task RunAsync(string[] args)
Source
Starts the web host with AppSurface Web's deterministic development-port fallback when the caller has not explicitly configured an endpoint through command-line arguments, environment variables, or appsettings.
argsThe command-line arguments supplied by the caller.A task that completes when the web host run exits.
AppSurfaceWebDevelopmentPortResolution ResolveDevelopmentPortDefaults(string[] args)
Source
Resolves the effective command-line arguments before the web host starts.
argsThe command-line arguments supplied by the caller.The resolved startup arguments and any deterministic development-port metadata.
Task RunResolvedAsync(string[] args)
Source
Runs the base host startup path with arguments after AppSurface Web development defaults have been resolved.
argsThe effective command-line arguments to pass into the host.A task that completes when the web host run exits.
void BuildModules(StartupContext context)
Source
Collects and caches all IAppSurfaceWebModule instances found in the provided startup context. This method is idempotent.
contextThe startup context whose dependencies and root module are inspected for web modules.This method is idempotent; subsequent calls have no effect once modules are built.
void BuildWebOptions(StartupContext context)
Source
Initializes and caches WebOptions by applying configuration from discovered modules and the optional custom callback; enables static file support when MVC is configured for controllers with views.
contextThe startup context used when invoking module and custom option configuration.This method is idempotent; subsequent calls have no effect once options are built.
void ConfigureServicesForAppType(StartupContext context, IServiceCollection services)
Source
Configures services required for the web application: registers MVC application parts from the entry assembly and enabled web modules, and adds a CORS policy when CORS is enabled.
contextStartup context providing environment information and the entry-point assembly.servicesThe service collection to register MVC and CORS services into.InvalidOperationExceptionThrown when CORS is enabled but no allowed origins are specified outside the development all-origins path, or when non-development configuration includes the literal wildcard origin *.IHostBuilder ConfigureBuilderForAppType(StartupContext context, IHostBuilder builder)
Source
Configures the provided host builder with web host defaults and registers the application's web initialization pipeline.
contextThe startup context used to collect modules and build web options.builderThe host builder to configure.The same IHostBuilder configured with web host defaults and the application's initialization pipeline.
void InitializeWebApplication(StartupContext context, IApplicationBuilder app)
Source
Configures the application's middleware pipeline and endpoint routing for the web application.
contextThe startup context containing environment, entry point, and discovered modules used during configuration.appThe application builder to configure (middleware, routing, CORS, endpoints, etc.).Provides a static entry point for starting a web application with a custom startup class and root module.
TStartupThe type of the custom startup class, inheriting from WebStartup{TModule}.TModuleThe type of the root web module.Task RunAsync(string[] args, Action<WebOptions>? configureOptions = null)
Source
Asynchronously runs the web application using the specified command-line arguments and optional option configuration.
argsThe command-line arguments provided at application startup.configureOptionsAn optional delegate to further customize WebOptions during startup.A Task representing the asynchronous operation of running the web application.
Provides a simplified static entry point for starting a web application using a default startup configuration.
TModuleThe type of the root web module.Task RunAsync(string[] args, Action<WebOptions>? configureOptions = null)
Source
Asynchronously runs the web application with a default startup using the specified command-line arguments and optional configuration.
argsThe command-line arguments provided at application startup.configureOptionsAn optional delegate to customize WebOptions during startup.A Task representing the asynchronous operation of running the web application.
Represents configuration options for serving static files and web assets.
StaticFilesOptions Default { get; }
Source
Gets a default instance of StaticFilesOptions with default configuration settings.
bool EnableStaticFiles { get; set; }
Source
Gets or sets a value indicating whether static files are enabled. This is automatically enabled when MvcSupport.ControllersWithViews or higher is used.
bool EnableStaticWebAssets { get; set; }
Source
Gets or sets a value indicating whether static web assets (from RCLs) are enabled. This is automatically enabled in the development environment.
Provides defaults for AppSurface configuration-audit HTTP diagnostics endpoints.
Use DefaultRoute when a host wants the standard opt-in AppSurface diagnostics path. Prefer a custom route with AppSurfaceConfigAuditDiagnosticsEndpointRouteBuilderExtensions.MapAppSurfaceConfigAuditDiagnostics(Microsoft.AspNetCore.Routing.IEndpointRouteBuilder, string, string) when the deployment already reserves this prefix or needs diagnostics to live under a host-owned operations path. Configuration audit output is support-sensitive even after value redaction, and the mapper hides the endpoint from API Explorer/OpenAPI by default instead of treating it as a public discovery surface.
Builds operator-facing details for AppSurface Web startup watchdog failures.
The diagnostic intentionally keeps to process and host-shape facts that are safe to log: sandbox markers, startup phase, directories, static-asset mode, and endpoint-shaped command-line arguments. It avoids inspecting arbitrary app configuration values, which may contain secrets.
AppSurfaceWebStartupTimeoutDiagnostic Create(TimeSpan startupTimeout, string startupPhase, string currentDirectory, string baseDirectory, bool staticWebAssetsEnabled, IReadOnlyList<string> startupArgs, Func<string, string?> environmentReader)
Source
Creates a startup-timeout diagnostic from the current process environment.
startupTimeoutConfigured startup watchdog timeout.startupPhaseStartup phase observed when the watchdog fired.currentDirectoryCurrent working directory used by the host.baseDirectoryApplication base directory used for dependency and asset resolution.staticWebAssetsEnabledWhether AppSurface static web asset loading was enabled.startupArgsEffective startup arguments after AppSurface development-port resolution.environmentReaderEnvironment reader used to detect sandbox markers.A diagnostic object suitable for structured logging and tests.
bool SandboxDetected { get; }
Source
Gets a value indicating whether the process environment contains a known sandbox marker.
string SandboxSummary { get; }
Source
Gets a display-safe summary of detected sandbox markers.
string RecommendedAction { get; }
Source
Gets the concrete next step operators should try first.
string StartupArgsSummary { get; }
Source
Gets endpoint-related command-line arguments rendered for diagnostics.
Represents configuration options for AppSurface's conventional browser error pages.
The default configuration keeps BrowserStatusPageMode at BrowserStatusPageMode.Auto, which enables conventional 401, 403, and 404 browser pages only when MVC support already includes Razor views. Apps that need the HTML status-page experience regardless of their starting MVC mode can opt into BrowserStatusPageMode.Enabled, while API-only or custom status-code handling stacks should use BrowserStatusPageMode.Disabled. Conventional production 500 pages are separate and always require an explicit call to UseConventionalExceptionPage.
void UseConventionalBrowserStatusPages()
Source
Explicitly enables AppSurface's conventional browser status pages.
Use this when an app must always render the conventional HTML 401, 403, and 404 pages. AppSurface may effectively require controllers with views at startup so the configured Razor pages can execute.
void DisableBrowserStatusPages()
Source
Explicitly disables AppSurface's conventional browser status pages.
Use this for APIs, custom status-code middleware, or any app that wants to keep conventional browser status routes and handling out of the pipeline even when MVC view support is available.
void UseConventionalExceptionPage()
Source
Explicitly enables AppSurface's conventional production exception page.
Use this for browser-facing apps that want AppSurface to own the production 500 page through ASP.NET Core exception handling. The page renders only safe generic copy plus a request id, and AppSurface leaves Development behavior alone so developer exception diagnostics can remain active during local work. API-only apps or applications with custom exception middleware should leave this disabled and register their own handling before application endpoints.
void DisableConventionalExceptionPage()
Source
Explicitly disables AppSurface's conventional production exception page.
Use this when a module enables the conventional exception page but the application host needs to supply a different exception-handling policy, such as JSON problem details, tenant-specific pages, or telemetry-first middleware.
bool AreConventionalBrowserStatusPagesEnabled(MvcSupport mvcSupportLevel)
Source
Determines whether AppSurface should enable conventional browser status pages for the supplied MVC support level.
mvcSupportLevelThe MVC capability currently configured for the app.true when the conventional page should be active; otherwise, false.
This helper is used by AppSurface startup after module and app options are applied. In BrowserStatusPageMode.Auto, the feature only turns on when MVC already includes views. In BrowserStatusPageMode.Enabled, the feature is active regardless of the incoming MVC level because startup may upgrade the app to support Razor views.
ErrorPagesOptions Default { get; }
Source
Gets a default instance of ErrorPagesOptions with BrowserStatusPageMode.Auto.
BrowserStatusPageMode BrowserStatusPageMode { get; set; }
Source
Gets or sets the conventional browser status page behavior for the application.
BrowserStatusPageMode.Auto is the default and turns the feature on only when the app's MVC support reaches MvcSupport.ControllersWithViews. Choosing BrowserStatusPageMode.Enabled can cause AppSurface startup to upgrade MVC support so the conventional Razor views can render. Choosing BrowserStatusPageMode.Disabled prevents the reserved framework routes and browser-oriented status handling from activating.
bool ConventionalExceptionPageEnabled { get; set; }
Source
Gets or sets a value indicating whether AppSurface should render the conventional production exception page.
The default is false so apps do not accidentally replace an existing exception-handling policy. Set this through UseConventionalExceptionPage when browser users should see a safe, generic HTML 500 page for unhandled exceptions in non-development environments. AppSurface uses ASP.NET Core's exception-handler middleware for this feature; status-code pages cannot catch thrown exceptions.
Represents the model passed to AppSurface's conventional browser status page view.
StatusCodeThe HTTP status code being rendered. AppSurface currently produces 401, 403, or 404.OriginalPathThe nullable original request path that produced the status response, when middleware can provide it.OriginalQueryStringThe nullable original request query string that produced the status response, when middleware can provide it.The framework renderer normalizes missing or malformed route status values to 404 before creating the default model, but explicit status values must be supported by the built-in browser status page descriptors. Custom producers should pass only status codes their view understands. OriginalPath and OriginalQueryString are null for direct preview requests and can also be absent when upstream middleware strips or replaces status-code re-execution metadata. Status-page views should prefer this model for user-facing recovery copy because it captures the original failed request after AppSurface re-executes the framework route. Read HttpContext.Request only for current-request concerns such as URL generation; during re-execution it points at the reserved framework route. Treat the query string as display-only metadata, not as authorization or security input, and do not assume the path has a trailing slash or app-specific normalization.
Describes one built-in browser status page that AppSurface can preview, re-execute, and render.
StatusCodeThe supported HTTP status code for this descriptor.AppViewPathThe conventional status-specific app or shared-library override view path.ReservedRouteThe framework-owned preview and re-execute route for this status code.TitleThe document title used by the framework fallback view.EyebrowThe short label rendered above the fallback heading.HeadingThe main fallback heading shown to browser users.DescriptionThe fallback explanation of what happened and how to recover.PrimaryActionTextThe fallback primary recovery action label.Descriptors are internal framework metadata for the current built-in status set: 401, 403, and 404. Use TryGet(int, out BrowserStatusPageDescriptor) before routing or rendering arbitrary status codes; unsupported codes should not be re-executed through the browser status page pipeline.
bool TryGet(int statusCode, out BrowserStatusPageDescriptor? descriptor)
Source
Attempts to resolve a built-in browser status page descriptor for an HTTP status code.
statusCodeThe HTTP status code to resolve.descriptorWhen this method returns true, the descriptor for statusCode; otherwise null.true for supported status codes 401, 403, and 404; otherwise false.
Unknown status codes are intentionally rejected so production exception pages and future status families can be designed separately instead of accidentally using the 401/403/404 browser-page contract.
string FrameworkFallbackViewPath { get; }
Source
Gets the shared framework fallback view path used when AppViewPath cannot be resolved.
The fallback is shared across all supported statuses. App and shared Razor Class Library overrides remain status-specific through AppViewPath.
IReadOnlyList<BrowserStatusPageDescriptor> Supported { get; }
Source
Gets all built-in browser status page descriptors in the order AppSurface validates them.
This list is the built-in set for the current release, not a promise that every browser-relevant status is supported. Callers should use TryGet(int, out BrowserStatusPageDescriptor) for lookup instead of assuming a status code is present.
Configures AppSurface's explicit starter service-worker strategy.
Offline behavior is disabled by default because service workers can create stale or private-content bugs when they cache arbitrary routes. When enabled, the built-in worker caches only OfflineFallbackPath and StaticAssetPaths. It does not cache app navigations, authenticated pages, POST responses, or API data.
bool Enabled { get; set; }
Source
Gets or sets a value indicating whether AppSurface should map a starter service-worker endpoint.
string ServiceWorkerPath { get; set; }
Source
Gets or sets the app-root-relative service-worker endpoint path.
This compatibility property shares its effective value with PwaOptions.Worker on the instance owned by PwaOptions. New code should configure PwaWorkerOptions.ServiceWorkerPath. Conflicting explicit legacy and current values fail startup.
string OfflineFallbackPath { get; set; }
Source
Gets or sets the app-root-relative offline fallback page cached by the starter service worker.
string[] StaticAssetPaths { get; set; }
Source
Gets or sets app-root-relative static asset URLs the starter service worker should cache.
string BuildServiceWorkerScript(HttpContext httpContext, PwaOptions options)
Source
Composes the exact generated worker from a JSON configuration and capability-specific embedded sources.
httpContextThe request providing the effective path base.optionsThe validated PWA options.The complete classic service-worker source.
Represents privacy-safe, server-known PWA posture for diagnostics and CLI compatibility.
EnabledWhether install metadata is enabled.ManifestPathThe configured manifest path after PathBase application.OfflineEnabledWhether the offline capability is enabled.ConfiguredServiceWorkerPathThe legacy configured worker path. It remains populated for offline mode and when both worker capabilities are disabled so older CLI versions can prove that the configured endpoint is absent; it is omitted for push-only mode.ServiceWorkerPathThe legacy active offline worker path, populated only when offline support is enabled.OfflineFallbackPathThe active offline fallback path.WorkerEnabledWhether any worker capability is enabled.WorkerPathThe active shared worker path.PushEnabledWhether push handlers are enabled.WorkerScopeThe effective worker scope.RegistrationHelperPathThe active registration-helper path.DiagnosticsStable startup diagnostics.Defines the JSON-safe configuration consumed by embedded worker fragments.
OfflineEnabledWhether offline behavior is included.CachePrefixThe worker-path-specific owned cache prefix.CacheNameThe active offline cache name.LegacyCacheNamesLegacy AppSurface cache names eligible for retirement.StaticAssetsPathBase-adjusted assets to precache.OfflineFallbackThe PathBase-adjusted fallback path.PathBaseThe effective application path base.ScopeThe effective worker scope.HandlerScriptPathThe PathBase-adjusted custom push-handler path.string Read(Assembly assembly, string fileName)
Source
Reads a named PWA resource from an assembly.
assemblyThe assembly that owns the embedded PWA resource.fileNameThe final file name beneath the embedded Assets.Pwa namespace.The UTF-8 resource contents.
InvalidOperationExceptionThe named resource cannot be found or opened.string WorkerOffline { get; }
Source
Gets the optional offline capability source.
string WorkerPush { get; }
Source
Gets the default version-1 push and notification-click source.
string WorkerCustomHandler { get; }
Source
Gets the contained custom push-handler import source.
string RegistrationHelper { get; }
Source
Gets the inert browser registration-helper source.
string PathValidationVectors { get; }
Source
Gets the shared C# and JavaScript path-validation vectors.
string RegistrationHelperVersion { get; }
Source
Gets the content-derived cache version for the registration helper.
Resolves app-root-relative PWA paths beneath the current request path base.
string Add(PathString pathBase, string path)
Source
Prepends pathBase to the app-root-relative path.
pathBaseThe current request path base.pathThe app-root-relative path to resolve.The path resolved beneath pathBase.
Defines a module that exposes web-specific configuration, endpoints, and middleware.
void ConfigureWebOptions(StartupContext context, WebOptions options)
Source
Configures WebOptions for the application, such as MVC, CORS, and static files.
contextThe startup context for the application.optionsThe options to be configured.void ConfigureEndpoints(StartupContext context, IEndpointRouteBuilder endpoints)
Source
Allows the module to configure endpoint routes for the application.
contextStartup context providing environment and configuration for the module.endpointsEndpoint route builder used to map endpoints (routes, hubs, etc.).void ConfigureWebApplication(StartupContext context, IApplicationBuilder app)
Source
Configure the ASP.NET Core request pipeline for this module.
contextStartup information and services available to the module during application initialization.appThe application's request pipeline builder used to register middleware, routing, and other pipeline components.void ConfigureEndpointAwareMiddleware(StartupContext context, IApplicationBuilder app)
Source
Configures middleware that can inspect endpoint routing metadata before endpoints execute.
contextStartup information and services available to the module during application initialization.appThe application's request pipeline builder used to register endpoint-aware middleware.AppSurface invokes this hook after UseRouting and AppSurface-managed CORS middleware, and before UseEndpoints. Middleware registered here can inspect HttpContext.GetEndpoint() at request time, but unmatched requests can still have no selected endpoint. Root or host integration modules should register global authentication and authorization middleware here before feature modules add endpoint-aware middleware they own. Do not call UseRouting, UseCors, UseEndpoints, or map endpoints from this hook; use ConfigureEndpoints for endpoint mapping.
bool IncludeAsApplicationPart { get; }
Source
Gets a value indicating whether this module's assembly should be searched for MVC application parts (controllers, views, etc.). Defaults to false.
Configures AppSurface Web platform health and readiness probe endpoints.
AppSurface maps public, minimal health endpoints by default so container platforms can probe a service without application-specific endpoint wiring. The endpoints use ASP.NET Core health checks. HealthPath runs all checks; ReadyPath runs checks tagged with ReadyTag. If no checks are tagged for readiness, the readiness endpoint reports healthy once the app has started.
HealthOptions Default { get; }
Source
Gets a default enabled health options instance.
bool Enabled { get; set; }
Source
Gets or sets a value indicating whether AppSurface should map platform health and readiness endpoints.
string HealthPath { get; set; }
Source
Gets or sets the app-root-relative endpoint path that runs all registered ASP.NET Core health checks.
string ReadyPath { get; set; }
Source
Gets or sets the app-root-relative endpoint path that runs readiness-tagged ASP.NET Core health checks.
string ReadyTag { get; set; }
Source
Gets or sets the health-check tag used to select checks for the readiness endpoint.
Declares one icon entry emitted into the generated PWA manifest and optional page head metadata.
Source must be an app-root-relative path such as /icons/app-192.png. AppSurface validates the declared Sizes token values and exposes them in diagnostics, but it does not decode image dimensions at runtime. Use appsurface pwa verify to prove icon URLs are reachable and decode PNG dimensions from a running app.
string Source { get; set; }
Source
Gets or sets the app-root-relative icon URL.
string Sizes { get; set; }
Source
Gets or sets the manifest size token list, for example 192x192 or 192x192 512x512.
string Type { get; set; }
Source
Gets or sets the icon content type. Defaults to image/png.
string? Purpose { get; set; }
Source
Gets or sets the optional manifest purpose, for example any or maskable.
Represents configuration options for ASP.NET Core MVC services and features.
MvcOptions Default { get; }
Source
Gets a new default instance of MvcOptions configured with MvcSupport.Controllers.
MvcSupport MvcSupportLevel { get; init; }
Source
Gets the level of MVC support to register (e.g., Controllers only, or Controllers with Views).
Action<IMvcBuilder>? ConfigureMvc { get; init; }
Source
Gets an optional delegate for performing advanced configuration of the IMvcBuilder.
Specifies the level of MVC feature support to enable in the web application.
The numeric values are explicit because this public enum may be persisted, serialized, or bound by applications. New values should be appended without changing the values documented here.
Tracks legacy and current service-worker path assignments without making configuration-provider order observable.
void SetLegacyValue(string value)
Source
Records an explicit assignment through the legacy offline compatibility property.
valueThe assigned app-root-relative worker path.void SetWorkerValue(string value)
Source
Records an explicit assignment through the current worker property.
valueThe assigned app-root-relative worker path.bool LegacyWasSet { get; set; }
Source
Gets a value indicating whether the legacy offline path property was assigned explicitly.
bool WorkerWasSet { get; set; }
Source
Gets a value indicating whether the current worker path property was assigned explicitly.
bool HasConflict { get; }
Source
Gets a value indicating whether the legacy and current properties were assigned different paths.
string EffectiveValue { get; }
Source
Gets the current worker path, preferring the current property over the legacy compatibility property.
Represents configuration options for the web application, including MVC, CORS, and static file settings.
MvcOptions Mvc { get; set; }
Source
Gets or sets MVC-specific configuration options, such as support levels and custom MVC configuration.
CorsOptions Cors { get; set; }
Source
Gets or sets CORS configuration options for defining cross-origin resource sharing policies.
StaticFilesOptions StaticFiles { get; set; }
Source
Gets or sets configuration options for serving static files within the web application.
ErrorPagesOptions Errors { get; set; }
Source
Gets or sets configuration options for conventional framework browser status pages.
The default value is ErrorPagesOptions.Default, which leaves browser status pages in BrowserStatusPageMode.Auto. In that mode, AppSurface only enables the conventional browser 401, 403, and 404 experience when MVC support already includes views. Use explicit modes when an app must always force or always suppress the conventional pages. When enabled, AppSurface reserves /_appsurface/errors/401, /_appsurface/errors/403, and /_appsurface/errors/404 for direct rendering, and ignores that path prefix when deciding whether to apply browser-oriented status-page middleware. Static export tooling still consumes only the 404 route and writes only 404.html; when CDN mode is active, that emitted page is validated and rewritten with the rest of the static graph.
PwaOptions Pwa { get; set; }
Source
Gets or sets Progressive Web App install metadata, diagnostics, and explicit offline behavior.
PWA support is disabled by default. When enabled, AppSurface maps a web app manifest endpoint, optional development diagnostics, and a service-worker endpoint only when an explicit offline strategy is configured. AppSurface does not cache app routes, authenticated pages, POST responses, or user-specific data by default.
HealthOptions Health { get; set; }
Source
Gets or sets platform health and readiness probe endpoint configuration.
Health endpoints are enabled by default. AppSurface maps public, minimal /health and /ready endpoints for container and service-platform probes. Set HealthOptions.Enabled to false when a host owns probe endpoints directly.
TimeSpan? StartupTimeout { get; set; }
Source
Gets or sets the amount of time AppSurface waits for the web host to complete startup before failing fast.
The default is 10 seconds. Set this to null only for hosts that intentionally perform long-running startup work before Kestrel binds. The watchdog covers pre-bind stalls caused by package layout, sandboxing, static asset discovery, hosted-service startup, and similar issues; it does not limit normal request processing after the host has started. Timeout diagnostics include safe process context, the observed startup phase, and known Codex sandbox markers when present so operators can rerun outside the sandbox before chasing package or host-layout causes. StartupTimeout must be null or greater than TimeSpan.Zero. Use null to disable the watchdog instead of TimeSpan.Zero.
Action<IEndpointRouteBuilder>? MapEndpoints { get; set; }
Source
Gets or sets an optional delegate to configure endpoint routing for the application.
Maps opt-in AppSurface configuration-audit HTTP diagnostics endpoints.
RouteHandlerBuilder MapAppSurfaceConfigAuditDiagnostics(this IEndpointRouteBuilder endpoints, string authorizationPolicyName)
Source
Maps the AppSurface configuration-audit diagnostics endpoint at the default route.
endpointsThe endpoint route builder that receives the diagnostics endpoint.authorizationPolicyNameThe non-blank host-owned ASP.NET Core authorization policy required for the endpoint.The route handler builder so hosts can add their own endpoint metadata.
The endpoint is never mapped automatically. Hosts must call this method deliberately, register AppSurface Config services, configure authentication and authorization middleware, and supply an authorization policy that is safe for support-sensitive deployment diagnostics.
RouteHandlerBuilder MapAppSurfaceConfigAuditDiagnostics(this IEndpointRouteBuilder endpoints, string pattern, string authorizationPolicyName)
Source
Maps the AppSurface configuration-audit diagnostics endpoint at a custom route.
endpointsThe endpoint route builder that receives the diagnostics endpoint.patternThe non-blank route pattern for the endpoint.authorizationPolicyNameThe non-blank host-owned ASP.NET Core authorization policy required for the endpoint.The route handler builder so hosts can add their own endpoint metadata.
The endpoint returns the active host's sanitized ConfigAuditReport as JSON and sets no-store response headers. It is excluded from API description by default because redacted audit reports can still expose support-sensitive provider names, paths, configuration keys, and deployment structure.
IResult CreateReportResult(HttpContext httpContext, Func<ConfigAuditReport, string> serializeReport)
Source
Creates the diagnostics response for the current request.
httpContextThe current request context, including a request service provider and writable response.serializeReportThe serializer used to render the sanitized ConfigAuditReport.An IResult containing either the report JSON or a safe problem response.
This internal overload exists as a test seam for serialization and failure-path verification. Production code should expose the endpoint through MapAppSurfaceConfigAuditDiagnostics(Microsoft.AspNetCore.Routing.IEndpointRouteBuilder, string, string) instead of calling this helper directly.
Controls when AppSurface maps browser-facing PWA diagnostics.
Diagnostics can expose deploy and browser-install posture. Keep the default DevelopmentOnly unless a host intentionally wants the diagnostics available behind its own controls. The numeric values are explicit because this public enum may be persisted, serialized, or bound by applications. New values should be appended without changing the values documented here.
Resolves and renders AppSurface's conventional browser status page views.
View resolution prefers the status-specific app/shared Razor Class Library path first, for example ~/Views/Shared/403.cshtml. If that view is missing, the renderer falls back to AppSurface's shared framework view. Resolved paths are cached per status code so a 401 override cannot accidentally satisfy a later 403 or 404 render.
void ValidateConfiguredViews()
Source
Performs eager validation of all configured conventional browser status page views.
Call this during startup to fail fast if neither the conventional app/shared view nor the framework fallback view can be resolved for any supported status. Runtime rendering also resolves lazily, but this method turns a missing view into a predictable startup error instead of a request-time failure. Validation also warms and pins the runtime view-path cache by resolving every BrowserStatusPageDescriptor.Supported entry. If an app adds or removes status page views after this method runs, the startup-selected app or framework fallback path remains in use for the process lifetime.
Task RenderAsync(HttpContext httpContext)
Source
Renders the resolved conventional browser status page view into the current HTTP response.
httpContextThe current request context used to build the model and execute the Razor view.The rendered model is always a BrowserStatusPageModel. Its status defaults to 404 when the request is a direct render without a re-execute feature or reserved-route status code. This method does not change HttpResponse.StatusCode itself, which lets direct previews keep their existing 200 response and re-executed status requests preserve their original HTTP status. CreateModel(HttpContext) can receive an explicit status from re-execution metadata or the reserved route. That status must be supported by BrowserStatusPageDescriptor; otherwise this method throws instead of rendering a mismatched page for the existing HttpResponse.StatusCode.
Configures independent AppSurface Progressive Web App install, offline, and push-worker capabilities.
Set Enabled to true when AppSurface should emit and serve install metadata for a web app. Required metadata mirrors the browser-facing manifest fields that make install posture understandable: names, start URL, scope, display mode, theme/background colors, and 192x192 plus 512x512 icons. AppSurface maps diagnostics separately from install metadata so production apps can hide diagnostics while still serving the manifest. Offline and push capabilities activate one shared worker without requiring install metadata.
PwaOptions Default { get; }
Source
Gets a default disabled PWA options instance.
bool Enabled { get; set; }
Source
Gets or sets a value indicating whether AppSurface should map PWA install-manifest metadata endpoints.
This setting does not suppress Offline or Push when either capability is enabled.
string ManifestPath { get; set; }
Source
Gets or sets the app-root-relative generated manifest endpoint path.
Generated endpoint paths reject percent escapes so routing and emitted metadata use one representation. This path remains validated and appears PathBase-adjusted in diagnostics whenever any PWA surface is active, although the manifest endpoint is mapped only when Enabled is enabled.
PwaDiagnosticEndpointExposure DiagnosticsExposure { get; set; }
Source
Gets or sets when the PWA diagnostics endpoint should be mapped.
string DiagnosticsPath { get; set; }
Source
Gets or sets the app-root-relative diagnostics endpoint path.
Generated endpoint paths reject percent escapes so routing and emitted metadata use one representation.
string Name { get; set; }
Source
Gets or sets the full application name emitted into the manifest.
string ShortName { get; set; }
Source
Gets or sets the short application name emitted into the manifest.
string StartUrl { get; set; }
Source
Gets or sets the app-root-relative start URL emitted into the manifest.
string Scope { get; set; }
Source
Gets or sets the app-root-relative manifest and service-worker scope.
The default is /. The scope is validated whenever install metadata or a worker capability is active. Browsers use raw URL-prefix matching, so /app also covers /application; use /app/ when a path-segment boundary is intended.
PwaDisplayMode Display { get; set; }
Source
Gets or sets the display mode emitted into the manifest.
string ThemeColor { get; set; }
Source
Gets or sets the manifest and browser theme color as a CSS hex color.
string BackgroundColor { get; set; }
Source
Gets or sets the manifest background color as a CSS hex color.
IList<PwaIcon> Icons { get; }
Source
Gets or sets the icon entries emitted into the generated manifest.
PwaWorkerOptions Worker { get; }
Source
Gets shared service-worker and registration-helper endpoint settings.
PwaOfflineOptions Offline { get; }
Source
Gets explicit offline strategy settings.
PwaPushOptions Push { get; }
Source
Gets opt-in Web Push worker settings.
bool IsWorkerEnabled { get; }
Source
Gets whether at least one capability requires the shared service worker.
bool HasAnySurfaceEnabled { get; }
Source
Gets whether AppSurface should validate and map any PWA surface.
bool RequiresStaticFileMiddleware { get; }
Source
Gets whether the configured PWA surfaces require AppSurface to enable static-file middleware.
Install metadata preserves the existing static-icon behavior, offline support may reference static fallback assets, and a custom push handler may be deployed from the web root. The generated default push worker and registration helper are endpoints and do not require static-file middleware.
Evaluates whether a resolved PWA start URL path falls within a resolved manifest scope path.
The matcher centralizes the browser-style prefix contract used by both AppSurface Web startup validation and the AppSurface CLI verifier. Browser service-worker and manifest scopes use raw URL-path prefix matching. Applications that require a segment boundary should end a non-root scope in /.
bool IsPathWithinScope(string path, string scope)
Source
Returns a value indicating whether path is within scope.
pathThe resolved app-root-relative path portion of the PWA start URL.scopeThe resolved app-root-relative path portion of the PWA manifest scope.true when path is covered by scope.
Configures opt-in Web Push event handling in the shared AppSurface service worker.
Enabling push maps worker plumbing and the explicit registration helper. It does not request notification permission, create a push subscription, store subscriber identity, or send notifications.
bool Enabled { get; set; }
Source
Gets or sets a value indicating whether the generated worker should support push events.
string? HandlerScriptPath { get; set; }
Source
Gets or sets an optional app-root-relative classic worker script that owns push and notification-click events.
Leave this value null to use AppSurface's strict version-1 notification adapter. When set, AppSurface imports the script with importScripts() and does not emit its default push or click listeners. AppSurface contains a load or top-level evaluation failure with ASPWAJS030 so shared lifecycle and offline behavior remain available. The application should still deploy this asset atomically. Browser script evaluation is not transactional, so a handler must finish validation and initialization before registering listeners that would otherwise survive a later top-level exception.
Controls how AppSurface applies its conventional browser-friendly status pages.
Auto is the default and is the safest choice for most applications because it only enables the conventional pages when MVC view support is already available. Switch to Enabled when an app must always expose the conventional HTML 401, 403, and 404 experience, even if AppSurface needs to upgrade MVC support to controllers with views during startup. Use Disabled for API-first applications or when another status-code handling strategy should remain fully in control. The numeric values are explicit because this public enum may be persisted, serialized, or bound by applications. New values should be appended without changing the values documented here.
void ThrowIfInvalid(PwaOptions options, IFileProvider webRootFileProvider)
Source
Rejects generated worker/helper routes that static-file middleware would serve first.
optionsThe validated PWA options.webRootFileProviderThe effective web-root file provider.Represents configuration options for Cross-Origin Resource Sharing (CORS) policies.
Use CorsOptions when an AppSurface web application should register and apply the framework-managed CORS policy. EnableCors controls whether that policy is active outside development, while EnableAllOriginsInDevelopment keeps local browser workflows convenient without opening production defaults. Empty AllowedHeaders or AllowedMethods collections do not opt into permissive preflight behavior in production; configure the exact browser contract an application supports. Pitfall: enabling CORS in non-development environments still requires at least one allowed origin unless development-only all-origin behavior applies, and the literal wildcard origin * is rejected outside development for AppSurface-managed CORS. Use explicit origins, wildcard subdomains such as https://*.example.com, or host-owned ASP.NET Core CORS policy registration for intentionally public wildcard APIs.
bool EnableAllOriginsInDevelopment { get; set; }
Source
Gets or sets a value indicating whether all origins are allowed when running in the development environment. Defaults to true.
bool EnableCors { get; set; }
Source
Gets or sets a value indicating whether CORS is enabled for the application. Defaults to false.
string[] AllowedOrigins { get; set; }
Source
Gets or sets the collection of origins permitted to make cross-origin requests. Defaults to an empty array.
Use exact origins such as https://app.example.com. AppSurface also preserves ASP.NET Core wildcard subdomain support for origins such as https://*.example.com. The exact literal * is allowed only for the existing development compatibility path; non-development startup fails before registering the AppSurface-managed CORS policy when this collection contains *.
string[] AllowedHeaders { get; set; }
Source
Gets or sets the request headers advertised by the CORS policy during browser preflight requests. Defaults to an empty array, which advertises no custom preflight request headers in production.
Configure explicit header names, such as Content-Type or X-Request-Id, when preflighted cross-origin callers need them. Use * only when the application intentionally accepts any request header from allowed origins. Non-preflight CORS responses are still governed by origin policy and browser safelisted request behavior; this collection defines the Access-Control-Allow-Headers preflight response contract. When EnableAllOriginsInDevelopment applies, AppSurface still allows any header for local development convenience unless this collection contains one or more configured values.
string[] AllowedMethods { get; set; }
Source
Gets or sets the HTTP methods advertised by the CORS policy during browser preflight requests. Defaults to an empty array, which advertises no preflight-only HTTP methods in production.
Configure explicit method names, such as GET or POST, when preflighted cross-origin callers need them. Use * only when the application intentionally accepts any method from allowed origins. Non-preflight CORS responses are still governed by origin policy and browser method safelisting; this collection defines the Access-Control-Allow-Methods preflight response contract. When EnableAllOriginsInDevelopment applies, AppSurface still allows any method for local development convenience unless this collection contains one or more configured values.
string PolicyName { get; set; }
Source
Gets or sets the name of the CORS policy to register. Defaults to "DefaultCorsPolicy".
CorsOptions Default { get; }
Source
Gets a default instance of CorsOptions with default configuration settings.
Defines the conventional paths used by AppSurface's built-in browser-friendly status page handling.
AppSurface owns browser status pages for 401, 403, and 404 responses in this release. Production exception pages, including conventional 500 handling, are intentionally separate because ASP.NET Core routes exceptions through exception-handling middleware instead of status-code pages.
string GetAppViewPath(int statusCode)
Source
Formats the conventional app override view path for the supplied HTTP status code.
statusCodeThe integer HTTP status code used for the view filename. AppSurface currently renders 401, 403, and 404.The app/shared Razor view path produced from AppViewPathFormat.
This helper does not validate support. Callers that accept arbitrary status codes should use BrowserStatusPageDescriptor.TryGet(int, out BrowserStatusPageDescriptor) before rendering.
string GetReservedRoute(int statusCode)
Source
Formats the framework-reserved preview route for the supplied HTTP status code.
statusCodeThe integer HTTP status code used for the reserved route segment. AppSurface currently renders 401, 403, and 404.The reserved route produced from ReservedRouteFormat.
The returned path is for framework middleware, direct preview, and tooling such as static export. It should not be exposed as an application-owned route.
Provides health-check tags understood by AppSurface Web's platform probe endpoints.
Represents the model passed to AppSurface's conventional production exception view.
StatusCodeThe HTTP status code being rendered.RequestIdThe request identifier that app logs can use to correlate the failure.This model intentionally excludes exception details, request headers, cookies, route values, and form fields. Production error pages should help users recover and help operators correlate logs without disclosing request internals or implementation details.
Display modes AppSurface can emit into the generated web app manifest.
Values match the standard web app manifest display modes. AppSurface serializes MinimalUi as minimal-ui. The numeric values are explicit because this public enum may be persisted, serialized, or bound by applications. New values should be appended without changing the values documented here.
Resolves and renders AppSurface's conventional production exception page view.
View resolution prefers ConventionalExceptionPageDefaults.AppViewPath first so apps and shared Razor Class Libraries can override the page conventionally. If that view is missing, the renderer falls back to ConventionalExceptionPageDefaults.FrameworkFallbackViewPath. The rendered model is deliberately small and safe: status code plus request id only.
void ValidateConfiguredViews()
Source
Performs eager validation of the configured conventional 500 view.
Call this during startup to fail fast in production-like environments if neither the conventional app/shared view nor the framework fallback view can be resolved. Runtime rendering also resolves lazily, but this method turns a missing view into a predictable startup error instead of a request-time failure.
Task RenderAsync(HttpContext httpContext)
Source
Renders the resolved conventional 500 view into the current HTTP response.
httpContextThe current request context used to build the model and execute the Razor view.This method sets the response status to 500 and passes only ExceptionPageModel to the view. It intentionally does not inspect IExceptionHandlerFeature or request data, so exception messages, stack traces, headers, cookies, route values, and form values cannot be disclosed through the default model.
Provides the default AppSurface Web platform probe endpoint paths.
Configures the shared AppSurface service-worker and registration-helper endpoints.
The worker is mapped when either PwaOfflineOptions.Enabled or PwaPushOptions.Enabled is enabled. Worker activation is independent from install-manifest metadata.
string ServiceWorkerPath { get; set; }
Source
Gets or sets the app-root-relative generated service-worker endpoint path.
The default is /service-worker.js. On the instance owned by PwaOptions, this setting is compatible with PwaOfflineOptions.ServiceWorkerPath. Configuring both properties with different values fails startup instead of depending on configuration-provider assignment order. Percent escapes are rejected because this value owns a generated endpoint.
string RegistrationHelperPath { get; set; }
Source
Gets or sets the app-root-relative endpoint for the inert registration helper.
The default is /_appsurface/pwa/register.js. The helper is mapped only when push is enabled. Percent escapes are rejected because this value owns a generated endpoint.
bool HasServiceWorkerPathConflict { get; }
Source
Gets a value indicating whether legacy and current worker path properties were assigned conflicting values.
Resolves a deterministic development port for AppSurface web hosts in development when the caller has not already supplied explicit ASP.NET Core endpoint configuration.
AppSurfaceWebDevelopmentPortResolution Resolve(string[] args, string currentDirectory, string applicationBaseDirectory, Func<string, string?> environmentReader, IEnumerable<string>? environmentVariableNames = null)
Source
Applies a deterministic localhost --urls fallback in development when command-line arguments, environment variables, and local appsettings files do not specify where the host should listen.
argsThe command-line arguments supplied by the caller.currentDirectoryThe current working directory for the process.applicationBaseDirectoryThe application base directory for the host entry assembly.environmentReaderReads environment variables needed to detect the environment and explicit endpoint configuration.environmentVariableNamesThe available environment variable names, used to detect named Kestrel endpoint variables.A resolution describing the effective arguments. If no fallback was needed, the returned arguments match the supplied args.
Describes the effective command-line arguments after AppSurface web development defaults have been resolved.
ArgsThe effective arguments that should be passed into host startup.AppliedPortThe fallback port applied by the resolver, if any.SeedPathThe normalized workspace or project path used to compute the fallback port.string Build(PathString pathBase, PwaOptions options, IFileVersionProvider? fileVersionProvider = null)
Source
Builds the exact encoded PWA head markup shared by the Razor TagHelper and development diagnostics.
pathBaseThe request path base prepended to app-root-relative values.optionsThe validated PWA options.fileVersionProviderAn optional provider for versioning install icon URLs.Encoded head markup, or an empty string when no PWA surface is active.
Defines the conventional paths used by AppSurface's built-in browser-friendly production 500 handling.