Merge pull request #134 from GaProgMan/feature/docs-basic-entries

Feature/docs basic entries

.github/CODE_OF_CONDUCT.md

@@ -61,7 +61,7 @@ representative at an online or offline event.
 
 Instances of abusive, harassing, or otherwise unacceptable behaviour may be
 reported to the community leaders responsible for enforcement at
-[RJJ Software](mailto:info@rjj-software.co.uk?subject=OwaspHeaders.Core%20Code%20of%20Conduct%20Violation&body=I%2would%20like%20to%20report%20a%20code%20ofconmduct%20violation).
+[RJJ Software](mailto:info@rjj-software.co.uk?subject=OwaspHeaders.Core%20Code%20of%20Conduct%20Violation&body=I%20would%20like%20to%20report%20a%20code%20ofconduct%20violation).
 All complaints will be reviewed and investigated promptly and fairly.
 
 All community leaders are obligated to respect the privacy and security of the

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,26 @@
+---
+name: Report a bug
+about: Please report any bugs with the code or documentation here.
+title: ''
+labels: ''
+assignees: ''
+---
+
+## The Issue
+
+Please describe the issue in as much detail as you can here.
+
+## Software Versions Used
+
+- OwaspHeaders.Core version number: 
+- .NET SDK used: 
+- IDE used: 
+
+## Minimal Code Sample
+
+The following is a [minimal code sample](https://gaprogman.github.io/OwaspHeaders.Core/Minimal-Code-Sample/) which helps to highlight my question.
+
+```cs
+// in Program.cs
+app.UseSecureHeadersMiddleware();
+```

.github/pull_request_template.md

@@ -13,15 +13,15 @@ The following is a [minimal code sample](https://gaprogman.github.io/OwaspHeader
 app.UseSecureHeadersMiddleware();
 ```
 
-## PR Checklist
+### PR Checklist
 
 Feel free to either check the following items (by place an `x` inside of the square brackets) or by replacing the square brackets with a relevant emoji from the following list:
 
 - :white_check_mark: to indicate that you have checked something off
 - :negative_squared_cross_mark: to indicate that you haven't checked something off
 - :question: to indicate that something might not be relevant (writing tests for documentation changes, for instance)
 
-### Essential
+#### Essential
 
 These items are essential and must be completed for each commit. If they are not completed, the PR may not be accepted.
 
@@ -30,11 +30,11 @@ These items are essential and must be completed for each commit. If they are not
 - [ ] I have ensured that the code coverage has not dropped below 65%
 - [ ] I have increased the version number in OwaspHeaders.Core.csproj (only relevant for code changes)
 
-### Optional
+#### Optional
 
 - [ ] I have documented the new feature in the docs directory
 - [ ] I have provided a code sample, showing how someone could use the new code
 
-## Any Other Information
+### Any Other Information
 
 This section is optional, but it might be useful to list any other information you think is relevant.

.github/workflows/release.yml

@@ -10,6 +10,7 @@ on:
       - 'tests/**'
       - 'example/**'
       - '.github/workflows/**'
+      - 'README-NuGet.md'
 
 jobs:
 

README-NuGet.md

@@ -48,6 +48,10 @@ Please note: The above example contains only the headers added by the Middleware
 
 The source code for this NuGet package can be found at: [https://github.com/GaProgMan/OwaspHeaders.Core](https://github.com/GaProgMan/OwaspHeaders.Core).
 
+## Documentation
+
+The documentation for this NuGet package can be found at: [https://gaprogman.github.io/OwaspHeaders.Core/](https://gaprogman.github.io/OwaspHeaders.Core/).
+
 ## Issues and Bugs
 
 Please raise any issues and bugs at the above mentioned source code repo.

README.md

@@ -1,10 +1,10 @@
 # OwaspHeaders.Core
 
-An ASP.NET Core middleware designed to increase web application security by adopting the recommended [OWASP](https://www.owasp.org/index.php/Main_Page) settings.
+An ASP.NET Core middleware designed to increase web application security by adopting the [OWASP Secure Headers project](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project) recommended HTTP headers and values.
 
-| Build Status | Release Status | License used | Changelog | Code of Conduct | Documentation |
-| -------------|----------------|-----------|--------------|-----------------|---------------|
-| [![Build status](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/dotnet.yml/badge.svg)](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/dotnet.yml) | [![Release](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/release.yml/badge.svg)](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/release.yml) | [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) | [changelog](changelog.md) | [Code of Conduct.md](Code-of-Conduct.md) | [![Deploy Jekyll site to Pages](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/pages.yml/badge.svg)](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/pages.yml) |
+| Build Status | Release Status | License used  | OpenSSF |
+| -------------|----------------|--------------|---------|
+| [![Build status](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/dotnet.yml/badge.svg)](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/dotnet.yml) | [![Release](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/release.yml/badge.svg)](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/release.yml) | [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) | [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9723/badge)](https://www.bestpractices.dev/projects/9723) |
 
 Please note: this middleware **DOES NOT SUPPORT BLAZOR OR WEBASSEMBLY APPLICATIONS**. This is because setting up secure HTTP headers in a WebAssembly context is a non-trivial task.
 
@@ -18,13 +18,17 @@ Please note: this middleware **DOES NOT SUPPORT BLAZOR OR WEBASSEMBLY APPLICATIO
 
 That's it.
 
+## Documentation
+
+The latest documentation for OwaspHeaders.Core can be found at [https://gaprogman.github.io/OwaspHeaders.Core/](https://gaprogman.github.io/OwaspHeaders.Core/).
+
 ## Pull Requests
 
-[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)
+[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](https://github.com/GaProgMan/OwaspHeaders.Core/pulls)
 
-Pull requests are welcome, but please take a moment to read the Code of Conduct before submitting them or commenting on any work in this repo.
+Pull requests are welcome, but please take a moment to read the [Code of Conduct](https://github.com/GaProgMan/OwaspHeaders.Core?tab=coc-ov-file) before submitting them or commenting on any work in this repo.
 
-Also please make sure to run `dotnet format OwaspHeaders.Core.sln` in the root of the repo _before_ submitting a PR. This repo uses an [editorconfig](.editorconfig) file to enforce certain formatting rules on this repo. Any PRs which don't adhere to these formatting rules will fail a PR action (for checking the code against the rules). So to save time, please run `dotnet format OwaspHeaders.Core.sln` ahead of submitting your PR.
+We have comprehensive documentation for contributing to this project which you are encouraged to reach. This documentation can be found at: [https://gaprogman.github.io/OwaspHeaders.Core/Contributing/](https://gaprogman.github.io/OwaspHeaders.Core/Contributing/).
 
 ## Getting Started
 
@@ -62,7 +66,7 @@ Please note: The above example contains only the headers added by the Middleware
 
 The `SecureHeadersMiddleware` is used to inject the HTTP headers recommended by the [OWASP Secure Headers](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project) project into all responses generated by the ASP.NET Core pipeline.
 
-Listing and commenting on the default values that this middleware provides is out of scope for this readme. Please note that you will need to read through the above link to the Secure Headers Project in order to understand what these headers do, and the affect their presence will have on your applications when running in a web browser.
+Listing and commenting on the default values that this middleware provides is out of scope for this readme—but can be found in [the official documentation](https://gaprogman.github.io/OwaspHeaders.Core)—. Please note that you will need to read through the above link to the Secure Headers Project in order to understand what these headers do, and the affect their presence will have on your applications when running in a web browser.
 
 ## Configuration
 

SECURITY.md

@@ -20,6 +20,6 @@ The following table contains the list of versions of OwaspHeaders.Core that are
 
 ## Reporting a Vulnerability
 
-Please report vulnerabilities using GitHub's [Issues](https://github.com/GaProgMan/OwaspHeaders.Core/issues) functionality and picking the "Report a vulnerability" type.
+Please report vulnerabilities using GitHub's [Issues](https://github.com/GaProgMan/OwaspHeaders.Core/issues) functionality.
 
 We will aim to fix any vulnerabilities within 48-72 hours of them being reported.

docs/Code-of-Conduct.md

@@ -66,7 +66,7 @@ representative at an online or offline event.
 
 Instances of abusive, harassing, or otherwise unacceptable behaviour may be
 reported to the community leaders responsible for enforcement at
-[RJJ Software](mailto:info@rjj-software.co.uk?subject=OwaspHeaders.Core%20Code%20of%20Conduct%20Violation&body=I%2would%20like%20to%20report%20a%20code%20ofconmduct%20violation).
+[RJJ Software](mailto:info@rjj-software.co.uk?subject=OwaspHeaders.Core%20Code%20of%20Conduct%20Violation&body=I%20would%20like%20to%20report%20a%20code%20ofconduct%20violation).
 All complaints will be reviewed and investigated promptly and fairly.
 
 All community leaders are obligated to respect the privacy and security of the

docs/Contributing.md

@@ -56,27 +56,27 @@ For instance, if you were to create a branch to implement a new HTTP header call
 > This PR adds the `X-Example-Header` HTTP header, which you can read about on the [OWASP Secure Headers Project](). 
 > This PR closes #999
 >
-> ## PR Checklist
+> ### PR Checklist
 >
 > Feel free to either check the following items (by place an `x` inside of the square brackets) or by replacing the square brackets with a relevant emoji from the following list:
 > 
 > - :white_check_mark: to indicate that you have checked something off
 > - :negative_squared_cross_mark: to indicate that you haven't checked something off
 > - :question: to indicate that something might not be relevant (writing tests for documentation changes, for instance)
 > 
-> ### Essential
+> #### Essential
 > 
 > These items are essential and must be completed for each commit. If they are not completed, the PR may not be accepted.
 > 
 > - [x] I have added tests to the OwaspHeaders.Core.Tests project
 > - [x] I have run the `dotnet-format` command and fixed any .editorconfig issues
 > - [x] I have ensured that the code coverage has not dropped below 65%
 > - [x] I have increased the version number in OwaspHeaders.Core.csproj (only relevant for code changes)
-> ### Optional
+> #### Optional
 > 
 > - :negative_squared_cross_mark: I have documented the new feature in the docs directory
 > 
-> ## Any Other Information
+> ### Any Other Information
 > 
 > No other information
 

docs/configuration/index.md

@@ -62,7 +62,7 @@ The above example contains only the headers added by the Middleware.
 
 ### Custom Configuration
 
-In most cases (except for the [Content-Security Policy](./Content-Security-Policy.md)), the default configuration will
+In most cases (except for the [Content-Security Policy](./Content-Security-Policy)), the default configuration will
 be suitable. This is because it adds the OWASP recommended headers and values. Content-Security Policy is a non-trivial
 header, and is an allowlist for sources of content for the rendered page.
 

docs/index.md

@@ -8,11 +8,13 @@ nav_order: 1
 
 OwaspHeaders.Core is an ASP.NET Core middleware designed to increase web application security by adopting the [OWASP] recommended values for HTTP headers as per the [OWASP Secure Headers] project into all responses generated by the ASP.NET Core pipeline.
 
-Listing and commenting on the default values that this middleware provides is out of scope for this readme. Please note that you will need to read through the above link to the Secure Headers Project in order to understand what these headers do, and the affect their presence will have on your applications when running in a web browser.
+![](../../assets/images/icon.png)
 
-| Build Status                                                                                                                                                                          | Release Status                                                                                                                                                                     | License used                                                                                                |
-|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------|
-| [![Build status](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/dotnet.yml/badge.svg)](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/dotnet.yml) | [![Release](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/release.yml/badge.svg)](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/release.yml) | [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) |
+Listing and commenting on the default values that this middleware provides is out of scope for this index page, but you can read about each of the default values in the [Configuration] section
+
+| Build Status                                                                                                                                                                          | Release Status                                                                                                                                                                     | License used                                                                                                | OpenSSF                                                                                                                     |
+|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|
+| [![Build status](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/dotnet.yml/badge.svg)](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/dotnet.yml) | [![Release](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/release.yml/badge.svg)](https://github.com/GaProgMan/OwaspHeaders.Core/actions/workflows/release.yml) | [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) | [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9723/badge)](https://www.bestpractices.dev/projects/9723) |
 
 {: .warning }
 This middleware **DOES NOT SUPPORT BLAZOR OR WEBASSEMBLY APPLICATIONS**. This is because setting up secure HTTP headers in a WebAssembly context is a non-trivial task.
@@ -95,4 +97,5 @@ The `web.config` file will need to be copied to the server when the application
 
 [OWASP]: https://www.owasp.org/index.php/Main_Page
 [OWASP Secure Headers]: https://www.owasp.org/index.php/OWASP_Secure_Headers_Project
+[Configuration]: https://gaprogman.github.io/OwaspHeaders.Core/configuration/
 [this answer on ServerFault]: https://serverfault.com/a/1020784

src/OwaspHeaders.Core.csproj

@@ -8,7 +8,7 @@
 
     <!-- NuGet metadata -->
     <PackageId>OwaspHeaders.Core</PackageId>
-    <Version>9.2.2</Version>
+    <Version>9.2.3</Version>
     <Authors>Jamie Taylor</Authors>
     <Company>RJJ Software Ltd</Company>
     <PackageLicenseExpression>MIT</PackageLicenseExpression>