This change adds a list of ApiRequestFormat objects to ApiDescription
object which include the content type and formatter for each supported
content type which can be understood by the action.
Computation is aware of the [Consumes] attribute via the
IApiRequestMetadataProvider metadata interface, and aware of Input
Formatters via the new IApiRequestFormatMetadataProvider interface.
This algorithm is essentially the same as what we do for
produces/output-formatters. We iterate the filters and ask them what
content types they think are supported. Then we cross check that list with
the formatters, and ask them which from that list are supported. If no
[Consumes] filters are used, the formatters will include everything they
support by default.
This feature and data is only available when an action has a [FromBody]
parameter, which will naturally exclude actions that handle GET or DELETE
and don't process the body.
- Validated that each of `TagHelperSample.Web`s sites work properly.
- Found that the `ConditionalCommentTagHelper` page wasn't working as intended due to never being updated after `TagHelperContent` encoding changes.
- Added content verification for the `TagHelper/ConditionalComment` endpoint only since it's static HTML.
#3530
Calling Flush[Async]() on the writer will NOT flush the stream.
Calling Flush[Async]() in Razor will flush both the writer and the stream.
Our normal flow will be to flush the writer, but not the stream. This
avoids chunking, but allows us to do a WriteAsync on the stream as part of
the call to FlushAsync. This is done to avoid a synchronous write due to
Dispose calling Flush on the writer, which needs to call Write on the
stream.
See issue for extensive background.
Adds the concept of an IAntiforgeryPolicy marker interface as well as
the ability to overide policy with a 'closer' filter.
Adds a new [IgnoreAntiforgeryToken] attribute for overriding a scoped
antiforgery policy.
Adds a new [AutoValidateAntiforgeryToken] attribute (good name tbd) for
applying an application-wide antiforgery token. The idea is that you can
configure this as a global filter if your site is acting as a pure
browser-based or 1st party SPA. This new attribute only validates the
token for unsafe HTTP methods, so you can apply it broadly.
- Check MVC services once at startup
- Make action selector sync
We've never really had a scenario for the action selector being async, it
just ended up that way. None of our extensibility here lets you do
anything async without replacing it wholesale, which we don't
recommend.
- SendFileAsync does the proper fallback to stream copy when the feature
isn't available. Take advantage of it in MVC. There are plans to use the
buffer pool as part of the stream copy so MVC will get that benefit for
free.
- Left CopyToAsync in SendFileAsync when the file doesn't have a
physical path
Ryan Nowak
John Luo
javiercn
Pranav K
Steve Gordon
ryanbrandenburg
N. Taylor Mullen
Pavel Krymets
Ajay Bhargav Baaskaran
Ben Adams
Doug Bunting
David Fowler
Eilon Lipton
Kiran Challa