You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Not ALL of these will be worked. This is an idea list/check list that don't rise to the level of opening an issue at this time.
Include "NuGet package" in nuget.org cross-links to make it clear the link goes to the package and not the namespace/API doc.
C#12 primary ctors
Replace in-text (usually non-working) examples with dotnet/blazor-samples-based, fully working, cut-'n-paste examples. Might be best to create a list on an issue first, then I can work down the list.
Apply form beautification 🌷 to the 8.0 sample app forms.
Check on antiforgery with the new standalone WASM w/Identity article scenario.
There was no time to update the images for the Lazy load assemblies article. Consider bringing dev tools images back for the Complete example section.
Check again the new guidance on breaking on unhandled exceptions with normal VS in 24Q1. My Preview VS might be funky and not permitting it to work properly. Cross-ref: WASM debug scenario update #30849
To show and explain anti-request forgery in the File Uploads topic, use some commented-out text held there to enable controller services with AddControllersAndViewsand pass the anti-forgery token to the Blazor app (<8.0) or obtain it from the anti-forgery feature (>=8.0) for the POST.
Convert the Blazor-EFCore sample app's manual grid to use a GridView.
With <NotFound> going away for BWA at 8.0, I think a dedicated bit in the Error handling topic on processing 404s via built-in server middleware makes sense (i.e., UseStatusCodePagesWithRedirects). Be sure to search for it because a cross-link is required in at least one case where I left a NOTE about BWAs not using the Not Found content template any longer.
Although I'm working the Security node passes in February, I'm going to handle one item separately after the passes are finished pertaining to handling refresh tokens from Razor components when a request fails (e.g., Give more info about RefreshToken #26086). Javier said, "... it involves sending a request to the token endpoint of the OIDC/OAuth provider in the same way you do in a web application." The refresh token is available to components via TokenProvider in the current guidance, so it seems that the component calls a server API to hit up the IdP to renew (and get a new refresh token) with an update to the TokenProvider with the new tokens. The component continues processing transparently (re-initiates the web API call that it was making in the first place) after the server-side work. Cross-refs: Miss a strategy to handle the refresh of tokens #19797 (comment)
Per Steve's .NET Conf talk, shouldn't we briefly cover FileSystem API use in Blazor apps?
Let's run through the testassets pieces in the framework to see what might be helpful for devs to see in docs. It's a large task tho because there's so much there. This probably can't be worked in 23H1, possibly for 23Q3 tho.
Best to have PU 🐈 look over the SignalR-Blazor enhancements for SignalR config (in the SignalR doc and the WASM/Server Host and Deploy docs) and SignalR client logging (in the Logging doc).
Promote NOTE on 'Avoid using a loop variable directly in a lambda expression' in Images and Documents article to article text. Promote NOTE to article text #33483
Confirm that "Razor Class Library" (proper noun) is only used for text that refers to the project template. All other instances should use adjective capitalization ("Razor class library"). This should already be the case, so hopefully few or no 😈 have gotten into the docs over the years. RCL casing #33500 (only found in non-Blazor docs)
Convert table format over to the simplified structure without opening and closing pipes (|). Table formatting #33560
Analyze where/how "by default" is used in Blazor docs. Eliminate it spots where it isn't necessary. Also, confirm affirmative reasons for because subordinate conjunctions. Language updates #33587
"Data Protection" should be capitalized when referring directly to the ASP.NET Core feature (service). Update to proper noun #33607
RP/MVC tutorial movie attributions ... I don't think that they're present. UPDATE: Email sent to doc 🐈 🐈🐈.
Main doc set: The HTTPS Redirection Middleware says "always" redirects, but that's not exactly right ... it's if there's an HTTPS port available that it always redirects. Clarify middleware activation #33613
Naming: Check/change from 'Blazor WebAssembly runtime" or just "WebAssembly runtime" to ".NET WebAssembly" runtime. Update WASM runtime naming #33617
Make sure that @using static Microsoft.AspNetCore.Components.Web.RenderMode is in all of the 8.0+ _Imports.razor files. Per Integration article updates #31445. Confirmed OK! 👍 No action needed.
Noting from a passing message because I don't think we cover it ... Does await base.OnAfterRenderAsync(firstRender); need to be called? No, we try to avoid making people call base on ComponentBase virtual methods. They can call it if they want but it’s a no-op. Covered! It was addressed on two PRs I believe within the last year or two.
Check on "anti-forgery" vs. "antiforgery" ... the style manual uses "antiforgery" (no hyphen), but Chicago calls for it IIRC. We mostly seem to use the hyphen with it. Dehyphenate "anti-forgery" #33634
Skipping API doc crosslinks for the Routing article because there's a large open PR on it. Circle back to it later. Routing article updates #33644
Check on "interactive <Router> (or routing or router)" language for cross-links to new guidance in the Fundamentals > Routing article. Routing article updates #33644
Check on places where the main (non-.Client) project is mentioned for BWAs and confirm that they're all described as the "server project." Checked! ... and seems ok.
Azure docs will host content+samples(s) for BWA+MS Identity Web+Azure hosting. Check back and cross-link to their new content when it appears. Blazor Web App with OIDC article #31555 (comment)UPDATE: Seems that the project template is going to produce this. If we carry a sample app/article, it will be determined by and opened in relation to .NET 9 coverage at RC2. It's tracked by the .NET 9 tracking issue.
Consider Remove/update enhanced nav remark #31118 (comment) for coverage in 24H1. UPDATE: Per Mackinnon's remarks, let's NOT do anything about this at this time. He basically says that if they feel coverage is needed that they'll let me know.
For the Standalone WASM w/Identity article+sample: Swap IdentityUser for AppUser -AND- I need to cross-link in the article's remark for "advanced Identity features" to whatever the main doc set is going to have on the subject in the SPA/Identity docs. SPA authentication and authorization doc #31010 (comment)UPDATE: The cross-link is already there, and we'll keep AppUser because the sample+article now manages user roles added to IdentityUser.
HOLD Key Vault code for BWA+OIDC and BWA+MS Identity Web articles ...
privatestringGetSecretFromKeyVault(stringtenantId,stringsecretName){// this should point to your vault's URI, like https://<yourkeyvault>.vault.azure.net/stringuri= Environment.GetEnvironmentVariable("KEY_VAULT_URI");DefaultAzureCredentialOptionsoptions=new DefaultAzureCredentialOptions();// Specify the tenant ID to use the dev credentials when running the app locally
options.VisualStudioTenantId =tenantId;
options.SharedTokenCacheTenantId =tenantId;SecretClientclient=new SecretClient(new Uri(uri),new DefaultAzureCredential(options));// The secret name, for example if the full url to the secret is https://<yourkeyvault>.vault.azure.net/secrets/ENTER_YOUR_SECRET_NAME_HEREResponse<KeyVaultSecret>secret= client.GetSecretAsync(secretName).Result;return secret.Value.Value;}// uncomment the following 3 lines to get ClientSecret from KeyVault//string tenantId = Configuration.GetValue<string>("AzureAd:TenantId");//services.Configure<MicrosoftIdentityOptions>(// options => { options.ClientSecret = GetSecretFromKeyVault(tenantId, "ENTER_YOUR_SECRET_NAME_HERE"); });
Confirm language on interactive SSR components in the Pages folder of the .Client project.
Put an 👁️ on one line in particular in the prerendering with JS interop INCLUDE file: An infinite loop isn't created because StateHasChanged is only called when scrollPosition is null.
The framework does what we say devs aren't supposed to do on transient disposables for IHttpClientFactory/HttpClient.
Why I couldn't load a script via control of <head> content for the JS collocation example. <HeadContent><script src="./Components/Pages/JsCollocation1.razor.js"></script></HeadContent>
Check on the namespace section in the Components overview.
Check on the "In components derived from the base class" bit in the DI topic. It doesn't make sense. It might be incorrect.
In UserClaims components (and perhaps a few other spots) the code for a collection displayed in the UI can can have the collection be assigned an empty value or left nullable with an additional Razor nullable check. Which is best? There's a text file on the desktop with the code either way.
Do we need to assess all Blazor examples where tasks are awaited looking for spots where it would be more appropriate to avoid resuming with the context (ConfigureAwait(false))?
Blazor Server and EF Core — Consider using the QuickGrid now that it's a supported part of the framework.
UE pass tracking
Articles that could benefit from the 🦖 Rex Treatment™ 🦖 ...
Security node for 8.0/BWA/Identity components
Blazor Server and EF Core
Call web API topic: I'd like to divorce this from the main doc set's web API article in favor of a small Minimal APIs-based web API app for the experiences in the topic. I think churn on the main doc set article may have broken the cut-'n-paste, fully working examples that I have. I either need to update the examples to match the latest guidance in the web API article or place a dedicated app example in this topic, and I favor the latter because of on-going web API article churn ... this is a fragile 💥 setup because I don't maintain both articles.
2024
History
Doc ideas
Not ALL of these will be worked. This is an idea list/check list that don't rise to the level of opening an issue at this time.
dotnet/blazor-samples
-based, fully working, cut-'n-paste examples. Might be best to create a list on an issue first, then I can work down the list.AuthorizeView
coverage for error/API described in ClientID vs SecretID #31119.AddControllersAndViews
and pass the anti-forgery token to the Blazor app (<8.0) or obtain it from the anti-forgery feature (>=8.0) for the POST.<NotFound>
going away for BWA at 8.0, I think a dedicated bit in the Error handling topic on processing 404s via built-in server middleware makes sense (i.e.,UseStatusCodePagesWithRedirects
). Be sure to search for it because a cross-link is required in at least one case where I left a NOTE about BWAs not using the Not Found content template any longer.file://
pages for debugging on the client.TokenProvider
in the current guidance, so it seems that the component calls a server API to hit up the IdP to renew (and get a new refresh token) with an update to theTokenProvider
with the new tokens. The component continues processing transparently (re-initiates the web API call that it was making in the first place) after the server-side work. Cross-refs: Miss a strategy to handle the refresh of tokens #19797 (comment)@attribute [IgnoreAntiforgeryToken]
, including for logout. The coverage is at: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/scaffold-identity?view=aspnetcore-7.0&tabs=visual-studio#pass-an-xsrf-token-to-the-appFileSystem
API use in Blazor apps?testassets
pieces in the framework to see what might be helpful for devs to see in docs. It's a large task tho because there's so much there. This probably can't be worked in 23H1, possibly for 23Q3 tho.QuickGrid
example that opens and closes a detail record component without losing the page and scroll position of the grid. For context, see Blazor database example's list page is reloaded when coming back from a details page blazor-samples#58.Resolved
XXX.Count() > 0
and swap for.Any()
. Swap.Any()
for.Count()
#33475.|
). Table formatting #33560@using static Microsoft.AspNetCore.Components.Web.RenderMode
is in all of the 8.0+_Imports.razor
files. Per Integration article updates #31445. Confirmed OK! 👍 No action needed.OnInitialized
orOnParametersSetAsync
blazor ssr form processing issues aspnetcore#51978 PR: Initialize form data with static SSR #33630./
, but shouldn't we remove the./
in the general case? Directory path notation (./) for RCL assets #33632base.OnAfterRenderAsync(firstRender);
need to be called? No, we try to avoid making people call base onComponentBase
virtual methods. They can call it if they want but it’s a no-op. Covered! It was addressed on two PRs I believe within the last year or two.dotnet/blazor-samples
repo. Check for (and send) empty body on log out post. blazor-samples#136 Resolved! 👍<Router>
(or routing or router)" language for cross-links to new guidance in the Fundamentals > Routing article. Routing article updates #33644.Client
) project is mentioned for BWAs and confirm that they're all described as the "server project." Checked! ... and seems ok._
/this
all the things ... Fix naming violations in sample code (_camelCase with underscore for private fields) #30533 (comment). Blazor conventions updates #33652IdentityUser
forAppUser
-AND- I need to cross-link in the article's remark for "advanced Identity features" to whatever the main doc set is going to have on the subject in the SPA/Identity docs. SPA authentication and authorization doc #31010 (comment) UPDATE: The cross-link is already there, and we'll keepAppUser
because the sample+article now manages user roles added toIdentityUser
.HOLD Key Vault code for BWA+OIDC and BWA+MS Identity Web articles ...
Cross-ref: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/master/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs
PU review items
Steve:
Halter:
builder.AddMarkupContent(0, someUserSuppliedString)
because it can create an XSS vulnerability.Mackinnon:
Pages
folder of the.Client
project.StateHasChanged
is only called whenscrollPosition
isnull
.addHandlers
module FN approach for wiring up event handlers.IHttpClientFactory
/HttpClient
.<head>
content for the JS collocation example.<HeadContent><script src="./Components/Pages/JsCollocation1.razor.js"></script></HeadContent>
/p:RuntimeIdentifier={RID}
but the self-contained setting doesn't (/p:SelfContained=false
).<textarea>
content in a form of Message size limit enhancements #29541. LiveUserClaims
components (and perhaps a few other spots) the code for a collection displayed in the UI can can have the collection be assigned an empty value or left nullable with an additional Razor nullable check. Which is best? There's a text file on the desktop with the code either way.ConfigureAwait(false)
)?UE pass tracking
tasks.json
/launch.json
due to Errors when running .net generate assets to build .vscode folder vscode-csharp#4542. See 👉 small clarification #23777TestServer
). Missing example on how to use TestServer with ASP.NET 6 #25263NavigationManager.NavigateTo
. See :point-right: Use relative path in NavigateTo #22146 (comment).web.config
post PR Remove .wasm file extension before redefining it #24950 and in light of discussion on https://stackoverflow.com/a/69888016 and https://stackoverflow.com/a/70967738. Probably add a tagged SO filter link:https://stackoverflow.com/questions/tagged/blazor+iis+compression
UE pass tracking
Articles that could benefit from the 🦖 Rex Treatment™ 🦖 ...
New for 8.0 ...
The text was updated successfully, but these errors were encountered: