Gulp pipeline Guide, Security module - This week in Orchard (10/06/2022)
New Gulp pipeline Guide, fix content item display coordinator when a GroupId is provided, demo about the new Security module, and many more! Check out this post for the details!
Orchard Core updates
Gulp pipeline Guide
There is a new Guide in the documentation that explains how the Gulp pipeline works and how to use it (what files to read, what files to output and bundle). If you would like to know more about the Gulp pipeline used in Orchard Core, check out this nicely-detailed page here!
Use display names in registration settings
If you enable the Users Registration module, you can have some registration-related settings under Security -> Settings -> User Registration. This page contains a Configure users registration drop-down where the values that the users can see was simply the names of enum that holds the user registration types. Now with this minor fix users can see nice-looking display names in this drop-down with spaces and everything.
Fix content item display coordinator when a GroupId is provided
When using the IContentItemDisplayManager build-editor for a specific GroupId, the drivers for each of the corresponding part never gets called.
Steps to reproduce the behavior:
- Create a content part that generates special results when the
content.GroupIdis set to test. - Create a content type and attach the content part you previously created.
- Now create a new controller to render the content items under a specific
GroupId
in the controller caller the driver like so_displayManager.BuildEditorAsync(contentItem, _accessor.Updater, true, "true", "some-prefix").
The expected behavior would be that the driver for each attached part would get called. It's then the driver's responsibility to return something, nothing, or something different when the groupId is set. The fix is that now we call shapeResult.OnGroup(context.GroupId); to ensure the shape is rendered with a provided groupId.
Demos
Security module
The Security module right now is really focusing on security-related HTTP headers. Of course, you don't need a module for that or, you can write your own. You can just add headers directly, but the point here was to provide some defaults and secondly provide a way to easily configure them from the admin. This is especially interesting of course if you have a multi-tenant application and you don't want to hand-configure everything for everybody from code.
First of all, you need to navigate to the admin UI of Orchard Core and enable the Security module under Configuration -> Features. After that, you will find a new option under Security -> Settings, called Security Headers. Here you see a UI to edit the Security Headers.
The admin UI is not the only way to edit them, so just as with all these technical modules, it's also possible to configure it from the appsettings. There is also an example in the documentation of how to do that.
The main sections are that we have content security policy-related headers (pretty much all of those, that are supported by browsers) and permissions policy headers, everything related to various peripherals, devices, etc. And finally, we also have one configuration for referrer policy.
Let's try it out quickly! Let's say we set the referrer policy to Origin. If we open up the DevTools window of Google Chrome and navigate to the Network tab, you will see that the referrer-policy value of the response is now set to origin.
If you like to use it check out the latest release of Orchard Core, and if you would like to know more about this new module, head to YouTube for a recording!
News from the community
Orchard Core Commerce MVP planning and survey
A few weeks ago, you could see a nice demo about the Orchard Core Commerce module. And in that blog post, we also mentioned that Lombiq provides stewardship for this module. That actually means that we will do code reviews and work on features and fixes. To have that, Márk Bartha (who is the project leader from our side) started this thread and added this survey. This is about asking the community what the most important features for you would be in an Orchard Core-based e-commerce solution. If you do e-commerce or if you have an opinion about e-commerce, please share your opinion here. The point of this is to try to do not all the things but focus on what is really needed first.
Orchard Dojo Newsletter
Lombiq's Orchard Dojo Newsletter has 277 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course.
Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!