[✨ Triage] dotnet/aspire#12871 by jrunestone - Suppress unsecured telemetry message doesn't work anymore in v13 #14
Description
Triage for dotnet/aspire#12871.
Repo filter: area-dashboard issues.
MihuBot version: 8857bd.
Ping MihaZupan for any issues.
This is a test triage report generated by AI, aimed at helping the triage team quickly identify past issues/PRs that may be related.
Take any conclusions with a large grain of salt.
Tool logs
dotnet/aspire#12871: Suppress unsecured telemetry message doesn't work anymore in v13 by jrunestone
[Tool] Searching for SUPPRESSUNSECUREDTELEMETRYMESSAGE, suppress unsecured telemetry message, DASHBOARD__OTLP__SUPPRESSUNSECUREDTELEMETRYMESSAGE, unsecured message dashboard, ASPIRE_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS, DASHBOARD__MCP__SUPPRESSUNSECUREDMESSAGE (IncludeOpen=True, IncludeClosed=True, IncludeIssues=True, IncludePullRequests=True, Repository=dotnet/aspire)
[Tool] Searching for #11672 (IncludeOpen=True, IncludeClosed=True, IncludeIssues=True, IncludePullRequests=True, Repository=dotnet/aspire)
[Tool] Found 25 issues, 18 comments (20556 ms)
[Tool] Found 35 issues, 54 comments (30837 ms)
Here are the most relevant related issues and discussions for triaging #12871 - "Suppress unsecured telemetry message doesn't work anymore in v13":
1. Issue #11672 (September 2025) - Add configuration to suppress unsecured message in dashboard
- Summary: This issue requested a configuration option to suppress the dashboard warning message about unsecured OTLP endpoints. The solution was to add
DASHBOARD__OTLP__SUPPRESSUNSECUREDTELEMETRYMESSAGEas an environment variable. - Resolution: Implemented in PR #11673 (see below). The config key is
Dashboard:Otlp:SuppressUnsecuredTelemetryMessage(env var:DASHBOARD__OTLP__SUPPRESSUNSECUREDTELEMETRYMESSAGE). When set totrue, the message is suppressed. - Discussion: No further comments; closed as completed.
2. PR #11673 (September 2025) - Add configuration to suppress unsecured telemetry message in dashboard
- Summary: Implements the suppression feature for the unsecured telemetry message. Adds the config property, updates UI logic, and tests.
- Key Details: Setting the environment variable to
truesuppresses the warning message about unsecured OTLP endpoints. - Discussion: Feedback focused on test improvements and parameterization. Also, a question about backporting to 9.5.1 for App Service.
3. Issue #12871 (November 2025) - Suppress unsecured telemetry message doesn't work anymore in v13
- Summary: The new issue reports that the suppression setting (
DASHBOARD__OTLP__SUPPRESSUNSECUREDTELEMETRYMESSAGE) no longer works in Aspire v13/13.1. The author expects the warning to be suppressed but still sees it. - Key Comment:
- JamesNK (Nov 2025): Explains that in v13, the dashboard adds a new MCP endpoint. Setting
ASPIRE_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS=truealso makes the MCP endpoint anonymous, so the warning is now for the MCP endpoint, not the OTLP endpoint. - Solution: To suppress the new warning, add
DASHBOARD__MCP__SUPPRESSUNSECUREDMESSAGE=trueto your launchSettings.json.
- JamesNK (Nov 2025): Explains that in v13, the dashboard adds a new MCP endpoint. Setting
4. PR #12148 (October 2025) - Add dashboard MCP server
- Summary: Introduces the MCP endpoint to the dashboard in v13. Adds authentication and configuration for MCP.
- Impact: This is the change that led to the new warning message for unsecured MCP endpoints, which is what the current issue is encountering.
5. Related configuration discussions
- PR #11671 (September 2025): Added support for Aspire dashboard in App Service - Mentions suppressing unsecured messages for App Service scenarios.
- PR #11954 (October 2025): Backport of suppression config to 9.5 - For Azure App Service, suppression of the warning is important and documented.
6. Documentation
- Docs PR: dotnet/docs-aspire#5197 - Documents the suppression setting for the dashboard warning.
Summary of Triaging
- The original suppression setting (
DASHBOARD__OTLP__SUPPRESSUNSECUREDTELEMETRYMESSAGE) only affects the OTLP endpoint. - In Aspire v13, a new MCP endpoint was added, which also shows a warning if unsecured.
- To suppress the new warning, you must set
DASHBOARD__MCP__SUPPRESSUNSECUREDMESSAGE=truein your configuration. - This is a documented and intentional change due to the addition of the MCP endpoint.
- The suppression setting for OTLP still works for its endpoint; the new warning is for MCP.
Actionable Resolution
Advise users to add both:
"ASPIRE_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS": "true",
"DASHBOARD__OTLP__SUPPRESSUNSECUREDTELEMETRYMESSAGE": "true",
"DASHBOARD__MCP__SUPPRESSUNSECUREDMESSAGE": "true"
to their launchSettings.json to suppress all unsecured endpoint warnings in Aspire v13+.
If you need further details on the MCP endpoint or suppression logic, see PR #12148 and the comments by JamesNK in issue #12871. This is not a regression, but a change in endpoint coverage for the warning message.