Merge pull request #97 from GaProgMan/feature/enhancing-metadata
Enhanced readability of the csproj
GaProgMan authored Oct 19, 2024
2 parents 01c2247 + 2d2bf9f commit 70aa4c9
Showing 2 changed files with 47 additions and 9 deletions.
25 changes: 24 additions & 1 deletion changelog.md
Expand Up @@ -6,7 +6,7 @@ This changelog represents all of the major (i.e. breaking) changes made to the O

| Major Version Number | Changes |
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 8 | Removed support for ASP .NET Core on .NET Framework workflows; example and test projects now have OwaspHeaders.Core prefix, re-architected some of the test classes
| 8 | Removed support for ASP .NET Core on .NET Framework workflows; example and test projects now have OwaspHeaders.Core prefix, re-architected some of the test classes |
| 7 | Added Cross-Origin-Resource-Policy header to list of defaults; simplfied the use of the middleware in Composite Root/Program.cs |
| 6 | Removes Expect-CT Header from the list of default headers |
| 5 | XSS Protection is now hard-coded to return "0" if enabled |
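
Review bot: The rewritten version 8 row says "ASP .NET Core on .NET Framework workflows", while the Version 8 section added later in this same file mostly says "workloads"; "workloads" looks like the intended term, so the table row should use it too. While this table is being touched, the version 7 row directly below still reads "simplfied" and could be corrected to "simplified" in the same change.
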
Expand All @@ -15,6 +15,21 @@ This changelog represents all of the major (i.e. breaking) changes made to the O
| 2 | Uses `secureHeaderSettings.json` and default config loader to create instances of `SecureHeadersMiddlewareConfiguration` class <br /> also uses .NET Core 2.0 |
| 1 | Uses `secureHeaderSettings.json` and default config loader to create instances of `SecureHeadersMiddlewareConfiguration` class <br /> also uses .NET Standard 1.4 |

### Version 8

This version dropped support for support for ASP .NET Core on .NET Framework workflows. This means that, from version 8 onwards, this package will no longer with with .NET Framework workloads. This decision was made as Microsoft have dropped support for ASP .NET Core on .NET Framework workloads. This can be seen in the ASP .NET Core support documentation [here](https://dotnet.microsoft.com/en-us/platform/support/policy/aspnet#dotnet-core)

> To help facilitate migrating applications to ASP.NET Core on .NET Core, the specified ASP.NET Core 2.1 packages (latest patched version only) will be supported on the .NET Framework and follow the support cycle for those .NET Framework versions. ASP.NET Core 2.1 is defined as "Tools" in the Microsoft Support Lifecycle Policy
> Source: https://dotnet.microsoft.com/en-us/platform/support/policy/aspnet#dotnet-core, obtained Oct 19th, 2024.
The Example and Tests csproj files (and directories) have been renamed to make the standard `OwaspHeaders.Core.{x}` where `{x}` is either `Example` (for the ASP .NET Core application which provides an example implementation) or `Tests` for the unit tests project.

#### Community Contributions

[swharden](https://github.com/swharden) created [PR #96](https://github.com/GaProgMan/OwaspHeaders.Core/pull/96) which greatly simplified and improved the NuGet package metadata and created a wonderful logo for the project.

---

### Version 7.5

This version makes it simpler to get started with the NuGet package by simplifying the use of it in Program.cs/Composite Root. This, effectively, changes the composite root from:
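
Review bot: The opening paragraph of the new "Version 8" section has wording slips that will ship inside the NuGet package, since the csproj packs `changelog.md`: "dropped support for support for", "will no longer with with .NET Framework workloads" (presumably "will no longer work with"), and "workflows" in the first sentence against "workloads" in the two that follow. The paragraph also ends on the `[here](...)` link with no full stop; naming the link after its target, for example "the ASP.NET Core support policy", would read better than "here".
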
Expand All @@ -32,16 +47,22 @@ to:
app.UseSecureHeadersMiddleware();
```

---

### Version 7

This version adds the Cross-Origin-Resource-Policy header with the OWASP recommended value "same-origin" to the list of default headers in the `BuildDefaultConfiguration()` extension method. This was requested via [issue #76](https://github.com/GaProgMan/OwaspHeaders.Core/issues/76).

---

### Version 6

This version removes Expect-CT Header from the list of default headers in the `BuildDefaultConfiguration()` extension method. This is related to [issue #72](https://github.com/GaProgMan/OwaspHeaders.Core/issues/72).

All code which generates the header and it's value are still present, but it is removed from the defaults. Please see the above referenced issue for details.

---

### Version 5

This version of the repo ensure that the XSS Protection header (which was removed from the list of defaults in Version 4) is simplified down to the only recommended value (i.e. "0"), so that if a consumer enables XSS Protection they will only get the one possible value.
Expand All @@ -50,6 +71,8 @@ This is related to [guidance by MDN](https://developer.mozilla.org/en-US/docs/We

> Warning: The X-XSS-Protection header has been deprecated by modern browsers and its use can introduce additional security issues on the client side. As such, it is recommended to set the header as X-XSS-Protection: 0 in order to disable the XSS Auditor, and not allow it to take the default behavior of the browser handling the response. Please use Content-Security-Policy instead.
---

### Version 4

This version of the repo removed the XSS Protection Header from the list of default headers in the `BuildDefaultConfiguration()` extension method. This is related to [issue #44](https://github.com/GaProgMan/OwaspHeaders.Core/issues/44).
31 changes: 23 additions & 8 deletions src/OwaspHeaders.Core.csproj
@@ -1,33 +1,48 @@
<Project Sdk="Microsoft.NET.Sdk">

<PropertyGroup>
<Description>An ASP.NET Core Middleware which adds the OWASP recommended HTTP headers for enhanced security.</Description>
<VersionPrefix>8.1.1</VersionPrefix>
<Authors>Jamie Taylor</Authors>
<PackageProjectUrl>https://github.com/GaProgMan/OwaspHeaders.Core</PackageProjectUrl>
<RepositoryUrl>https://github.com/GaProgMan/OwaspHeaders.Core.git</RepositoryUrl>
<AssemblyName>OwaspHeaders.Core</AssemblyName>

<TargetFrameworks>net6.0;net7.0;net8.0</TargetFrameworks>
<AssemblyName>OwaspHeaders.Core</AssemblyName>
<RuntimeFrameworkVersion>6.0.0</RuntimeFrameworkVersion>

<!-- NuGet metadata -->
<PackageId>OwaspHeaders.Core</PackageId>
<RuntimeFrameworkVersion>2.0.0</RuntimeFrameworkVersion>
<Version>8.1.2</Version>
<Authors>Jamie Taylor</Authors>
<Company>RJJ Software Ltd</Company>
<PackageLicenseExpression>MIT</PackageLicenseExpression>
<PackageReadmeFile>README-NuGet.md</PackageReadmeFile>
<Copyright>Copyright (c) Jamie Taylor / RJJ Software Ltd</Copyright>
<PackageTags>owasp http headers security</PackageTags>
<Description>An ASP.NET Core Middleware which adds the OWASP recommended HTTP headers for enhanced security.</Description>
<PackageIcon>icon.png</PackageIcon>
<PackageReadmeFile>README-NuGet.md</PackageReadmeFile>
<PackageProjectUrl>https://github.com/GaProgMan/OwaspHeaders.Core</PackageProjectUrl>
<RepositoryUrl>https://github.com/GaProgMan/OwaspHeaders.Core.git</RepositoryUrl>
<PublishRepositoryUrl>true</PublishRepositoryUrl>
<IncludeSymbols>true</IncludeSymbols>
<SymbolPackageFormat>snupkg</SymbolPackageFormat>

<!-- Source Link things -->
<Deterministic>true</Deterministic>
<ContinuousIntegrationBuild>true</ContinuousIntegrationBuild>

</PropertyGroup>

<ItemGroup>
<FrameworkReference Include="Microsoft.AspNetCore.App" />
</ItemGroup>

<ItemGroup>
<None Include="../README-NuGet.md" Pack="true" PackagePath="" />
<None Include="../changelog.md" pack="true" PackagePath="" />
<None Include="../icon.png" Pack="true" PackagePath="" />
</ItemGroup>

<ItemGroup>
<Content Include="..\README.md">
<Link>README.md</Link>
</Content>
</ItemGroup>

</Project>
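
Review bot: `<ContinuousIntegrationBuild>true</ContinuousIntegrationBuild>` under the "Source Link things" comment is set unconditionally, so local developer builds also get the CI path normalisation, which stops a debugger from locating source files on the local machine. Set it only on the build server, for example `<ContinuousIntegrationBuild Condition="'$(GITHUB_ACTIONS)' == 'true'">true</ContinuousIntegrationBuild>` if the package is built by GitHub Actions (the CI system is not visible in this diff). A smaller style point in the packing `ItemGroup`: the `../changelog.md` item uses `pack="true"` where its two siblings use `Pack="true"`; MSBuild metadata names are case-insensitive so the file is still packed, but the casing should match.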
