b53179267a
**Description** An infinite loop can happen in routing if there is a catch all route with host name matching. This problem is caused by the DFA matcher builder giving an incorrect exit destination to policies. Currently the exit destination is the catch all state, so the policy will transition to itself when there is no match. It will run again, transition to itself again, run again, etc. This causes the policy to run forever. What should happen is the host name policy fails, it transitions to the final state with no candidates, and the route matcher does not match any endpoints. The browser is returned a 404 status. **Customer Impact** This problem shows up in this situation: 1. If a customer has configured a catch all route in their app 2. The catch all route has host matching 3. A browser makes a request to the server that matches the catch all route but doesn't match the host name The route matcher will run forever, using up a threadpool thread. When threadpool threads are exhausted the server will stop responding. **Regression?** No. **Risk** Medium. The fix is simple but route matching is complex, and routing runs with every request. |
||
|---|---|---|
| .azure/pipelines | ||
| .config | ||
| .github | ||
| .vscode | ||
| docs | ||
| eng | ||
| src | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .gitmodules | ||
| CONTRIBUTING.md | ||
| Directory.Build.props | ||
| Directory.Build.targets | ||
| LICENSE.txt | ||
| NuGet.config | ||
| README.md | ||
| SECURITY.md | ||
| THIRD-PARTY-NOTICES.txt | ||
| activate.ps1 | ||
| activate.sh | ||
| build.cmd | ||
| build.ps1 | ||
| build.sh | ||
| clean.cmd | ||
| clean.ps1 | ||
| clean.sh | ||
| dockerbuild.sh | ||
| global.json | ||
| restore.cmd | ||
| restore.sh | ||
| startvs.cmd | ||
README.md
ASP.NET Core
ASP.NET Core is an open-source and cross-platform framework for building modern cloud based internet connected applications, such as web apps, IoT apps and mobile backends. ASP.NET Core apps can run on .NET Core or on the full .NET Framework. It was architected to provide an optimized development framework for apps that are deployed to the cloud or run on-premises. It consists of modular components with minimal overhead, so you retain flexibility while constructing your solutions. You can develop and run your ASP.NET Core apps cross-platform on Windows, Mac and Linux. Learn more about ASP.NET Core.
Get Started
Follow the Getting Started instructions in the ASP.NET Core docs.
Also check out the .NET Homepage for released versions of .NET, getting started guides, and learning resources.
How to Engage, Contribute, and Give Feedback
Some of the best ways to contribute are to try things out, file issues, join in design conversations, and make pull-requests.
- Download our latest daily builds
- Follow along with the development of ASP.NET Core:
- Community Standup: The community standup is held every week and streamed live to YouTube. You can view past standups in the linked playlist.
- Roadmap: The schedule and milestone themes for ASP.NET Core.
- Build ASP.NET Core source code
- Check out the contributing page to see the best places to log issues and start discussions.
Reporting security issues and bugs
Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) secure@microsoft.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Further information, including the MSRC PGP key, can be found in the Security TechCenter.
Related projects
These are some other repos for related projects:
- Documentation - documentation sources for https://docs.microsoft.com/aspnet/core/
- Entity Framework Core - data access technology
- Extensions - Logging, configuration, dependency injection, and more.
Code of conduct
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.