From 268b432487307ea87fe5c9285668442a8a4c6e0b Mon Sep 17 00:00:00 2001
From: James Newton-King <james@newtonking.com>
Date: Mon, 8 Apr 2024 10:15:42 +0800
Subject: [PATCH 1/2] Enable HSTS middleware when all endpoints are HTTPS

---
 src/Aspire.Dashboard/DashboardWebApplication.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Aspire.Dashboard/DashboardWebApplication.cs b/src/Aspire.Dashboard/DashboardWebApplication.cs
index 9847899035..49b84ea547 100644
--- a/src/Aspire.Dashboard/DashboardWebApplication.cs
+++ b/src/Aspire.Dashboard/DashboardWebApplication.cs
@@ -201,13 +201,13 @@ public DashboardWebApplication(Action<WebApplicationBuilder>? configureBuilder =
         else
         {
             _app.UseExceptionHandler("/Error");
-            //_app.UseHsts();
         }
 
         _app.UseStatusCodePagesWithReExecute("/error/{0}");
 
         if (isAllHttps)
         {
+            _app.UseHsts();
             _app.UseHttpsRedirection();
         }
 

From b561d370da82fcf61f72b379fbedf56d2294a85a Mon Sep 17 00:00:00 2001
From: James Newton-King <james@newtonking.com>
Date: Mon, 8 Apr 2024 10:19:47 +0800
Subject: [PATCH 2/2] Don't include in development

---
 src/Aspire.Dashboard/DashboardWebApplication.cs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/Aspire.Dashboard/DashboardWebApplication.cs b/src/Aspire.Dashboard/DashboardWebApplication.cs
index 49b84ea547..cc2d6a1190 100644
--- a/src/Aspire.Dashboard/DashboardWebApplication.cs
+++ b/src/Aspire.Dashboard/DashboardWebApplication.cs
@@ -201,13 +201,16 @@ public DashboardWebApplication(Action<WebApplicationBuilder>? configureBuilder =
         else
         {
             _app.UseExceptionHandler("/Error");
+            if (isAllHttps)
+            {
+                _app.UseHsts();
+            }
         }
 
         _app.UseStatusCodePagesWithReExecute("/error/{0}");
 
         if (isAllHttps)
         {
-            _app.UseHsts();
             _app.UseHttpsRedirection();
         }