- #5
- provide `ToString()` implementation
- add missing `null` checks in `WriteTo()`; remove extraneous one in the constructor
- special-case `HtmlEncodedString` in `IHtmlContentBuilder.AppendFormat()` extension method
nits:
- ignore more files
- add missing `null` checks in `HtmlContentBuilderExtensions` too
- Enabled by default and configured by RequestLocalizationOptions.FallbackToAncestorCulture/FallbackToAncestorUICulture
- Tries all candidate cultures first before trimming the list to parents and trying again, until a match is found, depth limit is reached, or none is found
- Updated functional tests to cover fallback case
- #112
This change adds support for retrieving an antiforgery CSRF token via a
configurable header in addition to the form field. This helps with doing
ajax requests in a 1st-party SPA when using cookie auth, and is similar to
functionality provided by a bunch of different frameworks.
In this change there's also a bunch of churn due to avoiding the term
'form' in favor of 'request' and 'session' in favor of 'cookie'. Where
code and error message now mention 'form' they specifically mean
form-encoded content.
- #3612 subpart 2 of 2
- merge `ActionConstraintsWebSite`, `AntiforgeryTokenWebSite` and `ContentNegotiationWebSite` into `BasicWebSite`
- remove tests depending on `ErrorReporterMiddleware` in merged sites; not used in `BasicWebSite`
- delete `CompositeViewEngineWebSite`, `Microsoft.AspNet.Mvc.ViewEngines.CompositeViewEngineTest` covers cases
- delete `CorsMiddlewareWebsite`, soon to be in Cors repo (see aspnet/CORS#57)
- remove `SendFileMiddleware` from FilesWebSite, unused there