Ends in:
4 DAYS
7 HRS
5 MIN
18 SEC
Ends in:
4 D
7 H
5 M
18 S

ABP Version 7.3 Migration Guide

This document is a guide for upgrading ABP v7.2 solutions to ABP v7.3. There are a few changes in this version that may affect your applications, please read it carefully and apply the necessary changes to your application.

OpenIddict - Refactoring of ClaimsPrincipal

There are some changes that you might need to fix in your code. You can see the following list of the required changes:

  • AbpOpenIddictClaimDestinationsManager was renamed as AbpOpenIddictClaimsPrincipalManager.
  • Use AbpOpenIddictClaimsPrincipalManager.HandleAsync instead of AbpOpenIddictClaimDestinationsManager.SetAsync, which is removed.
  • AbpDefaultOpenIddictClaimDestinationsProvider was renamed as AbpDefaultOpenIddictClaimsPrincipalHandler.
  • IAbpOpenIddictClaimDestinationsProvider was renamed as IAbpOpenIddictClaimsPrincipalHandler.
  • Use IAbpOpenIddictClaimsPrincipalHandler.HandleAsync instead of IAbpOpenIddictClaimDestinationsProvider.SetAsync, which is removed.
  • AbpOpenIddictClaimDestinationsOptions was renamed as AbpOpenIddictClaimsPrincipalOptions.

Please check this PR if you encounter any problems related to OpenIddict Module.

Nonce attribute support for Content Security Policy (CSP)

ABP Framework supports adding unique value to nonce attribute for script tags which can be used by Content Security Policy to determine whether or not a given fetch will be allowed to proceed for a given element. In other words, it provides a mechanism to execute only correct script tags with the correct nonce value.

See the Security Headers documentation for more information.

This feature comes with a small restriction. If you use any C# code used inside the script tag, it may cause errors (Because a new NonceScriptTagHelper has been added, and it replaces script tags in the HTML contents).

For example, <script @string.Empty></script> will no longer work. However, you can use the C# code for an attribute of script tag, for example, <script src="@string.Empty"></script> is completely valid and won't cause any problem.

Note: You should not use any C# code used inside the script tag, even if you don't use this feature. Because it might cause errors.

Contributors


Last updated: June 05, 2023 Edit this page on GitHub

Was this page helpful?

Please make a selection.

To help us improve, please share your reason for the negative feedback in the field below.

Please enter a note.

Thank you for your valuable feedback!

Please note that although we cannot respond to feedback, our team will use your comments to improve the experience.

In this document
Community Talks

What’s New with .NET 9 & ABP 9?

21 Nov, 17:00
Online
Watch the Event
Mastering ABP Framework Book
Mastering ABP Framework

This book will help you gain a complete understanding of the framework and modern web application development techniques.

Learn More