IHttpContextAccessor not available in netstandard #343

Open
alanbrito opened this issue Nov 2, 2023 · 0 comments
Labels
bug Something isn't working

ECS integration/library project(s) (e.g. Elastic.CommonSchema.Serilog): Elastic.CommonSchema.Serilog

ECS schema version (e.g. 1.4.0): 8.6.1 (but also older ones)

ECS .NET assembly version (e.g. 1.4.2): 8.6.1 (but also older ones)

Elasticsearch version (if applicable): n/a

.NET framework / OS: net6.0

Description of the problem, including expected versus actual behavior:

Elastic.CommonSchema.Serilog contains a couple extension methods that add HTTP context to the Serilog structured log properties. It uses the IHttpContextAccessor interface to do this for .net standard and .net core. However, the IHttpContextAccessor interface is only available in the aspnetcore framework, not in dotnet standard, and not available in a nuget package. In the distant past, there actually WAS a nuget package for this: https://www.nuget.org/packages/Microsoft.AspNetCore.Http.Abstractions. However, these packages have long since been deprecated, and they pull in transitive dependencies that are full of vulnerabilities, such as System.Text.Encodings.Web (version 4.5).

In today's modern development, many organizations have nuget proxies that scan for vulnerabilities and prevent packages with severe vulnerabilities from being pulled by package managers. Nexus-IQ is one such tool.

Our workaround is to explicitly reference a newer version of System.Text.Encodings.Web, which causes the nuget dependency resolver to only pull the newer version.

Steps to reproduce:
Assumption: There is a mechanism in place that prevents pulling the System.Text.Encodings.Web (version 4.5) nuget package.

  1. Create a simple dotnet 6 application
  2. Add a reference to Elastic.CommonSchema.Serilog
  3. Run dotnet restore. You will see in the logs that it tries to pull System.Text.Encodings.Web.4.5, which is prevented by the above assumption.

In our minds, because the Elastic.CommonSchema.Serilog project references a deprecated nuget package, it is not truly netstandard compatible. However, we realize targeting only net6.0, etc. would be problematic for netstandard libraries. Our proposal is the following:

Split the classes referencing IHttpContextAccessor into another project (called Elastic.CommonSchema.Serilog.AspNetCore?), and this new project would only target .net FW and .net core. Any assembly consuming this new package would be inherently an aspnetcore project, so it should cause no problems. Only the correct version of the System.Text.Encodings.Web package will be pulled.
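
An added example, not part of the original issue or the project's code: a check that walks the `targets` section of `obj/project.assets.json` after a restore and reports which dependency chain brings in a blocked transitive package such as System.Text.Encodings.Web 4.5. The sample data is constructed; the intermediate chain and the `0.0.0-placeholder` versions are assumptions.

```python
import json

# Constructed, trimmed sample of the "targets" section of obj/project.assets.json.
# The dependency chain and the 0.0.0-placeholder versions are assumptions.
SAMPLE_ASSETS = json.loads("""
{"targets": {"net6.0": {
  "Elastic.CommonSchema.Serilog/8.6.1": {"type": "package", "dependencies": {
      "Microsoft.AspNetCore.Http.Abstractions": "0.0.0-placeholder",
      "Serilog": "0.0.0-placeholder"}},
  "Microsoft.AspNetCore.Http.Abstractions/0.0.0-placeholder": {"type": "package",
      "dependencies": {"System.Text.Encodings.Web": "4.5.0"}},
  "Serilog/0.0.0-placeholder": {"type": "package"},
  "System.Text.Encodings.Web/4.5.0": {"type": "package"}
}}}
""")


def blocked_paths(assets, framework, package, version_prefix):
    """Return each chain (top-level package first) that leads to `package`
    when its resolved version starts with `version_prefix`; [] otherwise."""
    libs = assets["targets"][framework]
    # NuGet ids are case-insensitive; map id -> resolved "Id/Version" key.
    resolved = {key.split("/", 1)[0].lower(): key for key in libs}
    parents = {}
    for key, info in libs.items():
        for dep in info.get("dependencies", {}):
            child = resolved.get(dep.lower())
            if child:
                parents.setdefault(child, []).append(key)
    hit = resolved.get(package.lower())
    if hit is None or not hit.split("/", 1)[1].startswith(version_prefix):
        return []  # not resolved, or a newer version won (the workaround case)
    paths = []

    def walk(node, chain):
        ups = [p for p in parents.get(node, []) if p not in chain]
        if not ups:  # nothing depends on this node: it is a top-level package
            paths.append(list(reversed(chain)))
        for parent in ups:
            walk(parent, chain + [parent])

    walk(hit, [hit])
    return sorted(paths)


if __name__ == "__main__":
    for path in blocked_paths(SAMPLE_ASSETS, "net6.0", "System.Text.Encodings.Web", "4.5."):
        print(" -> ".join(path))
```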
