fix: add -UseBasicParsing to Invoke-WebRequest in get-aspire-cli.ps1 #15609
Merged
Co-authored-by: radical <1472+radical@users.noreply.github.com>
Agent-Logs-Url: https://github.com/microsoft/aspire/sessions/0422bca8-79d2-401c-986c-efc0815f9b9b
Copilot AI changed the title from "[WIP] Fix security warning in get-aspire-cli.ps1 for Invoke-WebRequest" to "fix: add -UseBasicParsing to Invoke-WebRequest in get-aspire-cli.ps1" on Mar 26, 2026
Contributor
🚀 Dogfood this PR with:
curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 15609
Or
iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 15609"
Member
@copilot make sure get-aspire-cli-pr.ps1 also has the fix if needed.
Contributor
Pull request overview
Updates the Aspire CLI download script to avoid Invoke-WebRequest’s legacy IE-based parsing behavior on Windows PowerShell 5.1, preventing interactive security prompts while keeping behavior unchanged on newer PowerShell editions.
Changes:
- Add UseBasicParsing = $true to the Invoke-WebRequest splat parameters in Invoke-SecureWebRequest.
JamesNK
approved these changes
Mar 26, 2026
Windows PowerShell 5.1 defaults to the IE parsing engine for Invoke-WebRequest, triggering a "Security Warning: Script Execution Risk" prompt in interactive sessions. PowerShell 7+ already defaults to basic parsing, so this only affects legacy powershell.exe users.
get-aspire-cli-pr.ps1 was also reviewed and confirmed to require no changes — it uses the gh CLI for all artifact downloads and contains no Invoke-WebRequest calls.
Changes
- eng/scripts/get-aspire-cli.ps1: Added UseBasicParsing = $true to the $requestParams hashtable passed to Invoke-WebRequest, bypassing the IE engine on PS 5.1. This parameter is a no-op on PS 7+.
Fixes #15608
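An added example, not code from this PR or the Aspire repository: the thread above asks whether a second script needs the same fix, and a check like this one uses the PowerShell AST to list Invoke-WebRequest calls that pass neither -UseBasicParsing nor a splatted hashtable containing that key. The function name Find-UnguardedWebRequest and the sample script text are assumptions constructed for illustration.

```powershell
using namespace System.Management.Automation.Language

# Added example; Find-UnguardedWebRequest is a hypothetical helper, not Aspire code.
function Find-UnguardedWebRequest {
    param([Parameter(Mandatory)][string]$ScriptText)

    # Windows PowerShell 5.1 also aliases curl and wget to Invoke-WebRequest.
    $names = 'Invoke-WebRequest', 'iwr', 'curl', 'wget'
    $tokens = $null; $errors = $null
    $ast = [Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)

    # Record the keys of hashtable literals assigned to variables so that
    # "Invoke-WebRequest @requestParams" can be resolved. Keys added after the
    # literal (e.g. $p.UseBasicParsing = $true) are not tracked.
    $splatKeys = @{}
    foreach ($a in $ast.FindAll({ param($n) $n -is [AssignmentStatementAst] }, $true)) {
        if ($a.Left -isnot [VariableExpressionAst]) { continue }
        $table = $a.Right.Find({ param($n) $n -is [HashtableAst] }, $true)
        if ($table) {
            $splatKeys[$a.Left.VariablePath.UserPath] = @($table.KeyValuePairs | ForEach-Object { $_.Item1.Value })
        }
    }

    foreach ($c in $ast.FindAll({ param($n) $n -is [CommandAst] }, $true)) {
        if ($names -notcontains $c.GetCommandName()) { continue }
        $guarded = $false
        foreach ($e in $c.CommandElements) {
            if ($e -is [CommandParameterAst] -and $e.ParameterName -like 'UseB*') { $guarded = $true }
            if ($e -is [VariableExpressionAst] -and $e.Splatted -and
                $splatKeys[$e.VariablePath.UserPath] -contains 'UseBasicParsing') { $guarded = $true }
        }
        if (-not $guarded) {
            [pscustomobject]@{ Line = $c.Extent.StartLineNumber; Command = $c.Extent.Text }
        }
    }
}

# Constructed sample input, not taken from the Aspire repository.
$sample = @'
$requestParams = @{ Uri = $url; OutFile = $path; UseBasicParsing = $true }
Invoke-WebRequest @requestParams
iwr -Uri $url -OutFile $path
Invoke-WebRequest -Uri $url -UseBasicParsing
$other = @{ Uri = $url }
Invoke-WebRequest @other
'@
Find-UnguardedWebRequest -ScriptText $sample | Format-Table -AutoSize
```

On the constructed sample this reports the iwr call on line 3 and the splat of $other on line 6; a script with no Invoke-WebRequest calls at all produces no output.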