- Validated that each of `TagHelperSample.Web`s sites work properly.
- Found that the `ConditionalCommentTagHelper` page wasn't working as intended due to never being updated after `TagHelperContent` encoding changes.
- Added content verification for the `TagHelper/ConditionalComment` endpoint only since it's static HTML.
#3530
Calling Flush[Async]() on the writer will NOT flush the stream.
Calling Flush[Async]() in Razor will flush both the writer and the stream.
Our normal flow will be to flush the writer, but not the stream. This
avoids chunking, but allows us to do a WriteAsync on the stream as part of
the call to FlushAsync. This is done to avoid a synchronous write due to
Dispose calling Flush on the writer, which needs to call Write on the
stream.
See issue for extensive background.
Adds the concept of an IAntiforgeryPolicy marker interface as well as
the ability to overide policy with a 'closer' filter.
Adds a new [IgnoreAntiforgeryToken] attribute for overriding a scoped
antiforgery policy.
Adds a new [AutoValidateAntiforgeryToken] attribute (good name tbd) for
applying an application-wide antiforgery token. The idea is that you can
configure this as a global filter if your site is acting as a pure
browser-based or 1st party SPA. This new attribute only validates the
token for unsafe HTTP methods, so you can apply it broadly.
- Check MVC services once at startup
- Make action selector sync
We've never really had a scenario for the action selector being async, it
just ended up that way. None of our extensibility here lets you do
anything async without replacing it wholesale, which we don't
recommend.
- SendFileAsync does the proper fallback to stream copy when the feature
isn't available. Take advantage of it in MVC. There are plans to use the
buffer pool as part of the stream copy so MVC will get that benefit for
free.
- Left CopyToAsync in SendFileAsync when the file doesn't have a
physical path
This change avoids a state machine allocation and a dictionary allocation
on the common case (no bound properties). Ugly? You bet. Worth it? Yeah,
seems worthwhile.
This is worth about 200 bytes/request - about 3% of allocated bytes in a
smallish API scenario.
jacalvar
Pranav K
Steve Gordon
ryanbrandenburg
N. Taylor Mullen
Ryan Nowak
John Luo
Pavel Krymets
Ajay Bhargav Baaskaran
Ben Adams
Doug Bunting
David Fowler
Eilon Lipton
Kiran Challa