Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Surface warning on compression for interactive SSR #32096

Merged
merged 3 commits into from
Mar 25, 2024
Merged

Surface warning on compression for interactive SSR #32096

merged 3 commits into from
Mar 25, 2024

Conversation

guardrex
Copy link
Collaborator

@guardrex guardrex commented Mar 20, 2024
edited by github-actions bot
Loading

Fixes #31916
Addresses #31909

I picked up on a potential opportunity to raise awareness in a couple of spots on CRIME/BREACH for compression with interactive SSR and authn/z components. This PR ...

  • Sets up an INCLUDE (with >=9.0 versioning) with a quick WARNING note and cross-links.
  • Places the INCLUDE in three spots ...
    • Route params section
    • Query strings section
    • JS interop overview (with an added >=9.0 heading)

Internal previews

📄 File 🔗 Preview link
aspnetcore/blazor/components/index.md ASP.NET Core Razor components
aspnetcore/blazor/fundamentals/routing.md ASP.NET Core Blazor routing and navigation
aspnetcore/blazor/javascript-interoperability/index.md ASP.NET Core Blazor JavaScript interoperability (JS interop)
aspnetcore/blazor/security/server/interactive-server-side-rendering.md Threat mitigation guidance for ASP.NET Core Blazor interactive server-side rendering

@guardrex guardrex self-assigned this Mar 20, 2024
@guardrex guardrex mentioned this pull request Mar 20, 2024
Closed
@guardrex guardrex requested a review from javiercn March 20, 2024 15:25
@guardrex guardrex requested a review from halter73 March 22, 2024 10:45
@guardrex
Copy link
Collaborator Author

I'm going to proceed with this on my own because it really just mirrors what was sent over from the PU for publication. All I'm doing here is noting for a couple of spots (route params and query strings) to see the new compression guidance.

@guardrex guardrex merged commit bb42ed9 into main Mar 25, 2024
3 checks passed
@guardrex guardrex deleted the guardrex/crime-breach-security-include branch March 25, 2024 14:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@javiercn javiercn Awaiting requested review from javiercn

@halter73 halter73 Awaiting requested review from halter73

Assignees

@guardrex guardrex

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remark on CRIME/BREACH in route param and query string guidance
1 participant
@guardrex