When I run my app, I get the following error, which is obvious, because the self signed cert is of course not trustworthy :)

I am wondering why this error does not seem to occur for other users of SpaYarp though ... Am I missing some config?

info: Yarp.ReverseProxy.Forwarder.HttpForwarder[48]
      Request: An error was encountered before receiving a response.
      System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
       ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot

I haven't been able to fully test this yet (as per my other issue) but from reading the code, I think that the line the line endpoints.Map("/{**catch-all}" in IEndpointRouteBuilderExtensions would make it so the .Net application itself can't have a "catch all" handler - which is I think a relatively common requirement.

I need to be able to have only certain requests proxied - e.g. those starting with /dist/ and other paths specific to the hot reloading features of Webpack. That would let the .Net application handle all other requests, including not matched ones.

I'm thinking that MapSpaYarp should at very least accept the string pattern as a parameter

The current logs from the proxy seem to spam the log stream. Are there any way to filter so f.ex only warnings from the proxy is logged?

I'm currently using Serilog and this is a sample from the console log:

[14:24:50 INF] Received HTTP/1.1 response 200.
[14:24:50 INF] SPA client is ready.
[14:24:50 INF] Proxying to http://localhost:6363/node_modules/.vite/deps/chunk-N7AMQ326.js?v=4cd2ae21 HTTP/2 RequestVersionOrLower no-streaming
[14:24:50 INF] SPA client is ready.
[14:24:50 INF] SPA client is ready.
[14:24:50 INF] Proxying to http://localhost:6363/node_modules/.vite/deps/@azure_msal-common_dist_error_AuthError.js?v=4cd2ae21 HTTP/2 RequestVersionOrLower no-streaming
[14:24:50 INF] SPA client is ready.
[14:24:50 INF] Proxying to http://localhost:6363/node_modules/.vite/deps/@equinor_eds-core-react.js?v=4cd2ae21 HTTP/2 RequestVersionOrLower no-streaming
[14:24:50 INF] Received HTTP/1.1 response 200.
[14:24:50 INF] SPA client is ready.

This makes it impossible to look for the log messages from our own application...

I tried to override the Serilog configuration with "AspNetCore.SpaYarp": "Warning", but that didn't seem to work.

The issue I experience may be an edge case but if you configure you application with a fallback authorization policy it will force you to authenticate before proxying to your spa.
Example fallback policy

builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
});

I download the source code and determined if you add a configuration option that allows you to add the AllowAnonymousAttribute to the endpoint it fixes the issue

Example Fix in IEndpointRouteBuilderExtensions.cs

endpoints.Map(string.Format("{0}/{{**catch-all}}", spaOptions.PublicPath), async httpContext =>
        {
            var error = await forwarder.SendAsync(httpContext, spaOptions.ClientUrl, httpClient, requestOptions, transformer);
            // Check if the proxy operation was successful
            if (error != ForwarderError.None)
            {
                var errorFeature = httpContext.Features.Get<IForwarderErrorFeature>();
                var exception = errorFeature?.Exception;
            }
        }).Add(builder => { 
            if (spaOptions.ForceAnonymous)
            {
                builder.Metadata.Add(new AllowAnonymousAttribute());
            }              
        });

From a design pov not sure if you want to pass an options object to MapSpaYarp() or just add another property to SpaDevelopmentServerOptions

An update to Yarp.ReverseProxy 2.0.0 would require to drop support for netcoreapp3.1 (which is out of support since December 13 2022) and .NET 5 (which is out of support since May 10, 2022) but this fixes issues with web sockets opened by the live-refresh functionality of ng serve. These Requests produce errors like

An unhandled exception has occurred while executing the request.
System.NotSupportedException: Unsupported request method 'CONNECT'.  
at Yarp.ReverseProxy.Forwarder.RequestUtilities.GetHttpMethod(String method)
   at Yarp.ReverseProxy.Forwarder.HttpForwarder.CreateRequestMessageAsync(HttpContext context, String destinationPrefix, HttpTransformer transformer, ForwarderRequestConfig requestConfig, Boolean isStreamingRequest, ActivityCancellationTokenSource activityToken)
...

In addition, .NET7 was release November 8 2022, so it would be good to add explicit support.
If desired, I guess I can provide a pull request.

Development servers have the issue they behave not exactly as applications under IIS (e.g. app pool identity has less access than process running under current user). That's why I like to run asp.net core applications under IIS in development as well, because potentially issues due to less rights of the app pool identity will show up immediately.

Hi,
In our ASP.NET/Angular application we are not using index.html, rather we do have index.cshtml Razor page and in the program.cs file we have this as very last setting:

app.MapFallbackToController("Index", "Home");

and we add references to the generated JavaScript file hard-coded in the index.cshtml file:

    <script src="~/dist/runtime.js" asp-append-version="true"></script>
    <script src="~/dist/polyfills.js" asp-append-version="true"></script>
    <script src="~/dist/main.js" asp-append-version="true"></script>
    <script src="~/dist/vendor.js" asp-append-version="true"></script>

Still we want to take advantage of hot module reloading the Angular/Webpack provide.

Do you have any recommendation?

Hello, The application is executing the Launch Command (Process.Start), if it was not started seperately. But it also closes the process when the Debugging stops/restarts. As stated in the line below

But, it would make it more better if, it stayed even after stopping, which would be a great improvement when dealing with large SPA application.

The Stopping process is called using powershell, and I guess it could be started using the same way, which would keep it alive even when stopped debugging

I suggest to create a property in SpaDevelopmentServerOptions, which allows a functionality like LaunchDevServerIndependently, which wont close when debugger is stopped / restarted.

It makes it easy, so that the developer doesnt have to start the devserver manually/independently.

The WriteSpaConfigurationToDisk target doesn't seem to get executed. I see AssignTargetPaths being executed, but not WriteSpaConfigurationToDisk, so the spa.proxy.json file never gets generated. I've checked in AppDomain.BaseDirectory folder and the file isn't in there.

Here's AssignTargetPaths being executed:

1>Target AssignTargetPaths:
1>  Using "AssignTargetPath" task from assembly "Microsoft.Build.Tasks.Core, Version=15.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a".

But WriteSpaConfigurationToDisk isn't found in the logs at all.

Instead of relying on this build task, based on values from the csproj, I would prefer to be able to configure the root/client URL from the C# code, e.g. in a callback to UseSpaYarpMiddleware. To only execute it in development mode I can simply wrap the addition of SpaYarp with either #if DEBUG or an IWebHostEnvironment.IsDevelopment() call

Hello,

I have an error when the middleware tries to see if the spa is starter

info: Yarp.ReverseProxy.Forwarder.HttpForwarder[48] Request: An error was encountered before receiving a response. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot

Is there any way to make it work ?

Thank you so much for your help 😄

Currently SpaYarp uses the root ClientUrl to check if SpaClient server is running, even when PublicPath is defined.
Formerly I used webpack to start webpack dev srver, and I specified static: ['src'] in devServer options to direct the root request to the static src/index.html.
But now I tried to switch to Angular cli and found out that it does not allow to specify 'static' option, so SpaYarp needs to access PublicPath/PublicPath to detect the presense of spa server (index.html also needs to exist in PublicPath folder).

Hi, what is the license of this source code?

I was trying to implement this, but couldn't find a good Installation Guide, but figured it out. Posting this as a issue, for people to see.

This guide assumes that you are using the default ASP.NET Core with Angular Template, but must work with basically all.

Step 1: Add the Nuget Package

https://www.nuget.org/packages/AspNetCore.SpaYarp

Step 2: Remove Old SpaProxy Package

Remove the Package Microsoft.AspNetCore.SpaProxy. As it is not needed for this implementation.

Note : The default template adds a Environment Variable ASPNETCORE_HOSTINGSTARTUPASSEMBLIES": "Microsoft.AspNetCore.SpaProxy", in the launchSettings.json (Debug Properties in Visual Studio). Which has to be removed, so that you don't see an annoying Exception thrown that "Microsoft.AspNetCore.SpaProxy" is 404.

Step 3: Change Project Properties

In your Project Settings (csproj) -> PropertyGroup, change the following

1. SpaProxyServerUrl to SpaClientUrl
2. SpaProxyLaunchCommand to SpaLaunchCommand

Step 4: Add the Services and Usings in your Program.cs

// First
builder.Services.AddSpaYarp()

//Second
app.UseSpaYarp();

angular build is slow may be take 3 min
how to set MaxTimeoutInSeconds ?Thx is SpaProxyTimeoutInSeconds?
and in sourcecode where is the nuget package: Yarp.ReverseProxy.Forwarder

Yarp.ReverseProxy 2.0.0 has a Denial of Service Vulnerability. This vulnerability is fixed in v2.0.1.
See here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33141

I've created PR #27 to fix this.

I'm wondering if there is a possibility of using this approach on .net core 3.1? thank you.

https://github.com/marc3lsk/AspNetReactViteSpaYarp

In this repo I tried to make my client app with vite+react. When I run the dotnet app and navigate to its URL I can see my react app but it keeps reloading periodically. It seems that connection to vite WebSocket localhost:3000 is not working. How could this be fixed?

We are using Authentication and Authorization in our application and enabled them by default if no authorize attribute is used.
In such scenarios, MapSpaProxy hides the access to the route configuration.

I created PR #31 which removes the optional policyName attribute and adds IEndpointConventionBuilder as return value instead.
This allows to decide how to handle route conventions similar to when controllers or static files are mapped.

app = builder.Build();
...
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
...
app.UseSpaYarpMiddleware();
// allow anonymous access to fallback routes (index.html and angular dev-server assets)
app.MapSpaYarp().AllowAnonymous();

// alternative usage:
app.MapSpaYarp().RequireAuthorization(); // requires the default policy
app.MapSpaYarp().RequireAuthorization("SpaYarpPolicyName"); // requires a custom policy
// mixed setup with authorized and public SPA proxy paths
app.MapSpaYarp("EndpointPath1","https://localhost:7890").RequireAuthorization();
app.MapSpaYarp("EndpointPath2","https://localhost:7880").AllowAnonymous();

As quickfix, I added a custom implementation of the MapSpaYarp method in our project but it would be nice if you can merge it and create a new nuget package version.