When a team produces an enterprise solution with a Single-Page Application (SPA) front-end and .NET Web API back-end, what are the options to host the two beasts?
Ultimately, we want to preserve the front-end bundle unchanged between environments, inject environment variables and have custom caching policies.

A popular bundle of .NET + SPA framework (e.g. Angular, React, Vue) has a notorious problem of enforcing contracts between the back-end and the front-end. Among all solutions, code generation tools are particular tempting. And here is analysis of all the major players to get the job done: NSwag, Swagger Codegen, OpenAPI Generator, AutoRest, WebApiClientGen and TypeWriter (plus 2 extra tools with partial functionality).

Cross-site scripting (XSS) is one of the most common application-layer web attacks. Are Angular or React apps safe? And if not, how to protect them? Some methods are easy to implement, others (like Content Security Policy) require more attention. Anyway, applying right settings is not a smooth ride, and some potholes and gotchas are described here.

Nowadays, an urge to write can be easily satisfied. Simply jump to Medium and you can fire away typing your first blog post. Not happy with your posts getting lost among millions of similar looking pages from thousands of bloggers? Then start building you own website for a small fee on Squarespace, WordPress and the likes. But for software developers…