This change adds a list of ApiRequestFormat objects to ApiDescription
object which include the content type and formatter for each supported
content type which can be understood by the action.
Computation is aware of the [Consumes] attribute via the
IApiRequestMetadataProvider metadata interface, and aware of Input
Formatters via the new IApiRequestFormatMetadataProvider interface.
This algorithm is essentially the same as what we do for
produces/output-formatters. We iterate the filters and ask them what
content types they think are supported. Then we cross check that list with
the formatters, and ask them which from that list are supported. If no
[Consumes] filters are used, the formatters will include everything they
support by default.
This feature and data is only available when an action has a [FromBody]
parameter, which will naturally exclude actions that handle GET or DELETE
and don't process the body.
- Validated that each of `TagHelperSample.Web`s sites work properly.
- Found that the `ConditionalCommentTagHelper` page wasn't working as intended due to never being updated after `TagHelperContent` encoding changes.
- Added content verification for the `TagHelper/ConditionalComment` endpoint only since it's static HTML.
#3530
Calling Flush[Async]() on the writer will NOT flush the stream.
Calling Flush[Async]() in Razor will flush both the writer and the stream.
Our normal flow will be to flush the writer, but not the stream. This
avoids chunking, but allows us to do a WriteAsync on the stream as part of
the call to FlushAsync. This is done to avoid a synchronous write due to
Dispose calling Flush on the writer, which needs to call Write on the
stream.
See issue for extensive background.
Adds the concept of an IAntiforgeryPolicy marker interface as well as
the ability to overide policy with a 'closer' filter.
Adds a new [IgnoreAntiforgeryToken] attribute for overriding a scoped
antiforgery policy.
Adds a new [AutoValidateAntiforgeryToken] attribute (good name tbd) for
applying an application-wide antiforgery token. The idea is that you can
configure this as a global filter if your site is acting as a pure
browser-based or 1st party SPA. This new attribute only validates the
token for unsafe HTTP methods, so you can apply it broadly.
- Check MVC services once at startup
- Make action selector sync
We've never really had a scenario for the action selector being async, it
just ended up that way. None of our extensibility here lets you do
anything async without replacing it wholesale, which we don't
recommend.
This change avoids a state machine allocation and a dictionary allocation
on the common case (no bound properties). Ugly? You bet. Worth it? Yeah,
seems worthwhile.
This is worth about 200 bytes/request - about 3% of allocated bytes in a
smallish API scenario.
- Always prepend with application name and let underlying `IStringLocalizerFactory` do the name gymnastics
- Use ExecutingFilePath instead of view name
- Trim off the file extension (so your resource doesn't have to have ".cshtml" in its name)
- Improved doc comments
- Added tests to cover ViewLocalizer behavior
- #3718
- #2767
Ryan Nowak
John Luo
javiercn
Pranav K
ryanbrandenburg
N. Taylor Mullen
Pavel Krymets
Ajay Bhargav Baaskaran
Doug Bunting
Kiran Challa
damianedwards
Hao Kung