Delete Link and Script components across projects (#11324)

[ysmoradi]

closes #11324

Summary by CodeRabbit

• New Features
  • Expanded CORS exposed headers to include app platform, version, and origin for improved client access.
• Bug Fixes
  • Adjusted request headers to better handle internal vs. external API calls, reducing potential CORS issues.
• Refactor
  • Removed legacy MVC setup to streamline server configuration.
  • Removed custom Link and Script UI components; update any usages to standard HTML elements.
• Chores
  • Updated multiple third-party packages to latest stable/patch versions for security and compatibility.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Updates dependency versions. Modifies HTTP request header handling to conditionally add/remove headers based on internal vs external requests. Expands CORS exposed headers. Removes custom Link and Script Blazor components and their code-behinds. Removes MVC service registration from Server.Web.

Changes

Cohort / File(s)	Summary
Dependency versions src/Templates/Boilerplate/Bit.Boilerplate/src/Directory.Packages.props	Bumps multiple packages (e.g., Fido2.AspNet to 4.0.0, Microsoft.Identity.Web to 3.14.0, Magick.NET to 14.8.2, Twilio to 7.12.2, CommunityToolkit Aspire packages to 9.7.2). Structure unchanged.
HTTP headers handler .../Client/Boilerplate.Client.Core/Services/HttpMessageHandlers/RequestHeadersDelegatingHandler.cs	Adds conditional logic: internal requests add X-App-Version and X-App-Platform; external requests remove X-Origin. SendAsync call unchanged.
CORS exposed headers .../Server/Boilerplate.Server.Api/Program.Services.cs	Expands CORS ExposedHeaders to include X-App-Platform, X-App-Version, X-Origin in addition to existing headers.
Blazor components removed .../Server/Boilerplate.Server.Web/Components/Link.razor, .../Server/Boilerplate.Server.Web/Components/Link.razor.cs, .../Server/Boilerplate.Server.Web/Components/Script.razor, .../Server/Boilerplate.Server.Web/Components/Script.razor.cs	Deletes Link and Script components and code-behinds that appended file versions and rendered link/script tags.
Server.Web service registration .../Server/Boilerplate.Server.Web/Program.Services.cs	Removes services.AddMvc() from AddBlazor setup; Razor Components registrations remain.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant Client as Client App
  participant Handler as RequestHeadersDelegatingHandler
  participant Server as Server API
  Note over Client,Server: Request flow with conditional headers

  User->>Client: Trigger HTTP request
  Client->>Handler: SendAsync(request)
  alt Internal request
    Note right of Handler: Add X-App-Version, X-App-Platform
  else External request
    Note right of Handler: Remove X-Origin
  end
  Handler->>Server: Forward request
  Server-->>Handler: Response (CORS exposes RequestId, Age, App-Cache-Response,<br/>X-App-Platform, X-App-Version, X-Origin)
  Handler-->>Client: Return response

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Update outdated dependencies in bit Boilerplate template (#11324)	✅

Assessment against linked issues: Out-of-scope changes

Code Change	Explanation
Conditional header logic for internal vs external requests, including removal of X-Origin (src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Services/HttpMessageHandlers/RequestHeadersDelegatingHandler.cs)	Functional behavior change unrelated to dependency updates.
Expanded CORS ExposedHeaders to include X-App-Platform, X-App-Version, X-Origin (src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/Program.Services.cs)	Configuration change not required by dependency updates.
Removal of Link component and version-appending logic (src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Web/Components/Link.razor, Link.razor.cs)	Feature removal unrelated to updating dependencies.
Removal of Script component and version-appending logic (src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Web/Components/Script.razor, Script.razor.cs)	Feature removal unrelated to updating dependencies.
Deletion of services.AddMvc() from Server.Web (src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Web/Program.Services.cs)	Service registration change outside the scope of dependency version updates.

Poem

I thump my paws—new versions bloom,
Headers tiptoe in the room.
CORS now waves a wider wing,
Scripts and links have left the spring.
MVC bows, a lighter trail—
Hippity-hop, we ship the tale! 🐇✨

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

This PR updates dependencies in the bit Boilerplate template and removes custom Script and Link components in favor of simpler implementations. The changes include updating various NuGet package versions and adding additional CORS headers for better API integration.

• Updates multiple NuGet package versions to their latest stable releases
• Removes custom Script and Link Blazor components that handled file versioning
• Adds new CORS exposed headers for better API client integration

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
Directory.Packages.props	Updates package versions for Fido2, libphonenumber, CommunityToolkit.Aspire, Magick.NET, Microsoft.Identity.Web, and Twilio
Program.Services.cs (Server.Api)	Adds additional CORS exposed headers for API metadata
Program.Services.cs (Server.Web)	Removes MVC service registration
Script.razor/.cs	Removes custom Script component with file versioning
Link.razor/.cs	Removes custom Link component with file versioning
RequestHeadersDelegatingHandler.cs	Adds conditional header logic for internal vs external API requests

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Services/HttpMessageHandlers/RequestHeadersDelegatingHandler.cs (1)

28-37: Centralize custom header names to avoid typos.

Define shared constants (e.g., AppHeaders.XAppVersion, etc.) used by both client and server.

I can add an AppHeaders static class and update usages across projects.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Knowledge Base: Disabled due to Reviews > Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between ba9e13a and 14ec16f.

📒 Files selected for processing (8)

• src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Services/HttpMessageHandlers/RequestHeadersDelegatingHandler.cs (1 hunks)
• src/Templates/Boilerplate/Bit.Boilerplate/src/Directory.Packages.props (4 hunks)
• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/Program.Services.cs (1 hunks)
• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Web/Components/Link.razor (0 hunks)
• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Web/Components/Link.razor.cs (0 hunks)
• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Web/Components/Script.razor (0 hunks)
• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Web/Components/Script.razor.cs (0 hunks)
• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Web/Program.Services.cs (0 hunks)

💤 Files with no reviewable changes (5)

• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Web/Components/Script.razor
• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Web/Program.Services.cs
• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Web/Components/Script.razor.cs
• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Web/Components/Link.razor
• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Web/Components/Link.razor.cs

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build blazor hybrid (windows)
• GitHub Check: build api + blazor web
• GitHub Check: build and test

🔇 Additional comments (2)

src/Templates/Boilerplate/Bit.Boilerplate/src/Directory.Packages.props (2)

16-16: Deps bump LGTM.

libphonenumber-csharp, Magick.NET, Microsoft.Identity.Web, and Twilio updates look good.

Also applies to: 99-99, 110-110, 117-117

---

55-55: No config changes needed for Aspire toolkit 9.7.2 bump. Release notes only include documentation fixes, API surface updates, and new optional features—no breaking or config changes introduced.