.NET: Prefer HTTPS Aspire DevUI backends#6772
Merged
westey-m merged 1 commit intoJun 26, 2026
Merged
Conversation
Prefer allocated HTTPS endpoints when resolving Aspire DevUI backends and fall back to HTTP for existing services. Update the DevUI Aspire sample so WriterAgent exercises HTTPS redirection. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes Aspire DevUI proxying for agent backends that enable UseHttpsRedirection() by updating backend URL resolution to prefer an allocated HTTPS endpoint (falling back to HTTP), preventing redirect responses from leaking to the browser and bypassing DevUI prefix routing.
Changes:
- Updated DevUI backend resolution to prefer
httpsthen fall back tohttp, only using allocated endpoints. - Added unit tests for HTTPS preference and HTTP fallback scenarios (missing/unallocated HTTPS).
- Updated the DevUI Aspire integration sample to launch
WriterAgentwith an HTTPS profile and enable HTTPS redirection for manual verification.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| dotnet/tests/Aspire.Hosting.AgentFramework.DevUI.UnitTests/DevUIAggregatorHostedServiceTests.cs | Adds coverage for backend endpoint selection (HTTPS preferred; HTTP fallback). |
| dotnet/src/Aspire.Hosting.AgentFramework.DevUI/DevUIAggregatorHostedService.cs | Implements preferred endpoint selection (https → http) and exposes resolution for testing. |
| dotnet/samples/05-end-to-end/DevUIAspireIntegration/WriterAgent/Properties/launchSettings.json | Adds an https launch profile that exposes both HTTPS and HTTP URLs. |
| dotnet/samples/05-end-to-end/DevUIAspireIntegration/WriterAgent/Program.cs | Enables UseHttpsRedirection() to reproduce and validate the redirect scenario. |
| dotnet/samples/05-end-to-end/DevUIAspireIntegration/README.md | Documents that the sample’s WriterAgent uses HTTPS redirection for DevUI validation. |
| dotnet/samples/05-end-to-end/DevUIAspireIntegration/DevUIIntegration.AppHost/Program.cs | Launches WriterAgent via the https profile and targets the HTTPS endpoint for health checks. |
westey-m
approved these changes
Jun 26, 2026
peibekwe
approved these changes
Jun 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation & Context
Aspire DevUI integration currently resolves agent service backends through the hard-coded HTTP endpoint. When an agent service enables HTTPS redirection, the DevUI proxy forwards the redirect response back to the browser, which bypasses the DevUI prefix routing and breaks requests to the backend.
This change lets the DevUI integration work with agent services that expose both HTTP and HTTPS endpoints and use HTTPS redirection.
Description & Review Guide
httpsendpoint and falls back tohttpfor existing services.WriterAgentlaunches with an HTTPS profile and uses HTTPS redirection, providing a manual test path for this scenario.httpsoverhttpis the right default for DevUI backend resolution, and whether the sample is a useful enough regression scenario for manual validation.Related Issue
Fixes #6769
No other open PR was found for this issue.
Contribution Checklist
breaking changelabel (or add "[BREAKING]" to the title prefix, before or after any language prefix) — a workflow keeps the label and title prefix in sync automatically.