This might be a simple question, I'm hoping it is at least.
I've started to look into the Release Candidate of ASP.NET Core and I can see that a lot of the configuration has been moved out of the old web.config file and into JSON structured files (as well as XML and any other middleware that you might want to write yourself).
The one thing I haven't yet figured out how to do is something that was so simple in the old web.config approach, securing some of the basic components of your site like cookies.
Previously we'd set the secure
, httpOnly
and so on inside web.config and when it came to deployment a nice little transform file would modify the values for us and spit out the new file at the end. After reading round a bit, it seems that web.config is pretty much dead now, so how do we go about achieving the same results?
I know we can load different config files based on whether certain variables, such as environment, are set to DEV, STAGING, PRODUCTION etc. but this seems to be just replacing transforms with something that is a transform for all intents and purposes except in how it's actually loaded?
Have I missed something here or have I managed to work myself into a bit of a mess?
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…