Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Blazor] Enable websocket compression for Blazor Server and Interactive Server components in Blazor web #53389

Merged
merged 18 commits into from
Feb 5, 2024
Merged

[Blazor] Enable websocket compression for Blazor Server and Interactive Server components in Blazor web #53389

merged 18 commits into from
Feb 5, 2024

Conversation

javiercn
Copy link
Member

@javiercn javiercn commented Jan 15, 2024
edited
Loading

Fixes #35897 and is part of #38127

Enables websocket compression for interactive server components

  • We enable compression by default for the websocket when interactive server components are enabled.
  • We apply a frame-ancestors: 'none' policy to block embedding the app inside an iframe when compression is enabled or a configuration for the websocket context has been provided.
  • The CSP policy can be removed manually by setting the value to null, as the app might want to configure the policy in a centralized way.

#53640 <- Docs issue for the security considerations

@dotnet-issue-labeler dotnet-issue-labeler bot added the area-blazor Includes: Blazor, Razor Components label Jan 15, 2024
@javiercn javiercn marked this pull request as ready for review January 26, 2024 09:06
@javiercn javiercn requested review from BrennanConroy, halter73 and a team as code owners January 26, 2024 09:06
@javiercn javiercn force-pushed the javiercn/net90-enable-websocket-compression-blazor-server-web branch from 98298e4 to e1b6ad1 Compare January 26, 2024 15:55
@javiercn
Copy link
Member Author

Discussed offline, we have reached the conclusion that it is reasonable to restrict the framing to self, so I've updated the default and the tests to reflect that

MackinnonBuck
MackinnonBuck approved these changes Jan 27, 2024
View reviewed changes
Copy link
Member

@MackinnonBuck MackinnonBuck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, just some thoughts about the API and little nits here and there.

src/Components/Endpoints/src/Builder/RazorComponentEndpointFactory.cs Outdated Show resolved Hide resolved
src/Components/Server/src/Builder/InternalServerRenderMode.cs Outdated Show resolved Hide resolved
src/Components/Server/src/Builder/ServerComponentsEndpointOptions.cs Outdated Show resolved Hide resolved
src/Components/Server/src/Builder/ServerRazorComponentsEndpointConventionBuilderExtensions.cs Outdated Show resolved Hide resolved
src/Components/Endpoints/src/Builder/RazorComponentEndpointFactory.cs Outdated Show resolved Hide resolved
src/Components/Server/src/Builder/ServerRazorComponentsEndpointConventionBuilderExtensions.cs Outdated Show resolved Hide resolved
src/Components/Server/src/Builder/ServerComponentsEndpointOptions.cs Outdated Show resolved Hide resolved
src/Components/Server/src/Builder/ServerComponentsEndpointOptions.cs Show resolved Hide resolved
@javiercn javiercn force-pushed the javiercn/net90-enable-websocket-compression-blazor-server-web branch from 0d232ed to 03f1079 Compare February 1, 2024 12:25
BrennanConroy
BrennanConroy previously requested changes Feb 1, 2024
View reviewed changes
Copy link
Member

@BrennanConroy BrennanConroy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's talk

@javiercn javiercn dismissed BrennanConroy’s stale review February 3, 2024 12:56

I've removed the signalr bits, and handled the setup internally to Blazor as we spoke

@javiercn javiercn removed the request for review from BrennanConroy February 3, 2024 12:57
@javiercn javiercn merged commit f5853af into main Feb 5, 2024
26 checks passed
@javiercn javiercn deleted the javiercn/net90-enable-websocket-compression-blazor-server-web branch February 5, 2024 15:21
@ghost ghost added this to the 9.0-preview2 milestone Feb 5, 2024
onurmicoogullari pushed a commit to onurmicoogullari/aspnetcore that referenced this pull request Feb 14, 2024
@javiercn @onurmicoogullari
[Blazor] Enable websocket compression for Blazor Server and Interacti…
b71f5c1 
…ve Server components in Blazor web (dotnet#53389)

* Enables websocket compression by default on interactive server components.
* A new overload of `AddServerRenderMode` allows configuring the compression parameters as well as disabling it by setting the websocket callback to `null`.
* The `ContentSecurityAncestorPolicy` limits the ability to render the app/page inside an iframe from different origins. It can be disabled by setting the value to null (for example, if the policy is configured elsewhere) or restricted even further providing the value 'none', to constrain the policy even further.
This was referenced Feb 27, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@campersau campersau campersau left review comments

@SteveSandersonMS SteveSandersonMS SteveSandersonMS left review comments

@MackinnonBuck MackinnonBuck MackinnonBuck approved these changes

@BrennanConroy BrennanConroy BrennanConroy left review comments

@halter73 halter73 Awaiting requested review from halter73

Assignees
No one assigned
Labels
area-blazor Includes: Blazor, Razor Components
Projects
None yet
Milestone
9.0-preview2
Development

Successfully merging this pull request may close these issues.

Enable compression on blazorpack
5 participants
@javiercn @SteveSandersonMS @campersau @BrennanConroy @MackinnonBuck