unoplatform / uno

Open-source platform for building cross-platform native Mobile, Web, Desktop and Embedded apps quickly. Create rich, C#/XAML, single-codebase apps from any IDE. Hot Reload included! 90m+ NuGet Downloads!!
https://platform.uno
Apache License 2.0

Default web.config for WASM flags CodeQL #13414

Open michael-hawker opened 1 year ago

michael-hawker commented 1 year ago

Current behavior

The default value for customErrors in web.config for WASM heads is:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <customErrors mode="Off"/>
  </system.web>

This flags CodeQL analysis:

'customErrors' mode set to off in Web.config, and no 'Application_Error' handler specified in the global.asax file.

Rule ID: cs/web/missing-global-error-handler

There's no documentation as to why this is turned Off that I could find in the Uno documentation, and there's no global.asax file I can see in the WASM project to modify either.

Are there ramifications to changing this value? Should this remain the default? Or should this analysis error be ignored?

Expected behavior

No CodeQL analysis warning on default template.

How to reproduce it (as minimally and precisely as possible)

  1. Create a blank Uno template in a GitHub repository
  2. Set up CodeQL from GitHub settings to build and analyze project
  3. See analysis warning

Works on UWP/WinUI

None

Environment

Uno.WinUI / Uno.WinUI.WebAssembly / Uno.WinUI.Skia

Affected platforms

WebAssembly

jeromelaban commented 1 year ago

@michael-hawker Thanks for the report! As there's no server-side code in wasm apps, setting this configuration to either value is not going to impact the behavior of the app.

That being said, there's no default error page either at this time, mostly because there can't be any errors other than 404 or a server-generated error like an IIS mis-configuration. Still, we could change this in the uno bootstrapper to either generate a default error page, or explain in documentation how to add a new page in the wwwroot folder.

Is adding an error page as part of your templating an acceptable solution?

michael-hawker commented 1 year ago

Yeah, I guess I'm not familiar enough with the ASP/IIS configuration here to know the best path, but at least a pointer to the official documentation somewhere on how to configure this and set up a page would be useful.
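
The condition described in the alert text, as an added example that is not part of the issue thread or of the Uno or CodeQL code: a small check that can run before CodeQL does, applied to the template default and to a variant that enables custom errors. The function names, the `error.html` page and both sample configs are assumptions made for illustration; the handler check only recognises a C# `Application_Error` method.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples: the template default quoted in the issue, and a variant
# that enables custom errors and points at a hypothetical static error.html.
TEMPLATE_DEFAULT = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <customErrors mode="Off"/>
  </system.web>
</configuration>"""

WITH_ERROR_PAGE = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <customErrors mode="RemoteOnly" defaultRedirect="error.html"/>
  </system.web>
</configuration>"""


def custom_errors_mode(web_config_xml):
    """Return the effective customErrors mode, lower-cased.

    ASP.NET uses RemoteOnly when the element or its mode attribute is absent.
    """
    root = ET.fromstring(web_config_xml.encode("utf-8"))
    modes = [el.get("mode", "RemoteOnly") for el in root.iter("customErrors")]
    # <location> sections can add more elements; report the weakest one.
    # Lower-casing is a conservative choice so "off" and "OFF" are caught too.
    lowered = [m.strip().lower() for m in modes] or ["remoteonly"]
    return "off" if "off" in lowered else lowered[0]


def has_application_error(global_asax_source):
    """True if the global.asax code (C#) declares an Application_Error handler."""
    if not global_asax_source:
        return False
    pattern = r"\bvoid\s+Application_Error\s*\("
    return re.search(pattern, global_asax_source) is not None


def is_flagged(web_config_xml, global_asax_source=None):
    """Mirror the alert text: mode is Off and no Application_Error handler."""
    mode_off = custom_errors_mode(web_config_xml) == "off"
    return mode_off and not has_application_error(global_asax_source)
```
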