Blazor project tracking 2023

[guardrex]

2023

History

• Blazor project tracking 2022 (dotnet/AspNetCore.Docs #24615)
• Blazor project tracking 2021 (dotnet/AspNetCore.Docs #19286)

Doc ideas

Not ALL of these will be worked. This is an idea list/check list that don't rise to the level of opening an issue at this time.

• For the RCL case in https://learn.microsoft.com/en-us/aspnet/core/blazor/javascript-interoperability/?view=aspnetcore-8.0#load-a-script-from-an-external-javascript-file-js, it shouldn't break using ./, but shouldn't we remove the ./ in the general case?
• Ask Mackinnon why I couldn't load a script via control of <head> content for the JS collocation example. <HeadContent><script src="./Components/Pages/JsCollocation1.razor.js"></script></HeadContent>
• I made the Blazor script placeholder lines BOLD on Highlight placeholder line #31318 for the SignalR config doc. Do that everywhere across the Blazor docs.
• Naming: Check/change from 'Blazor WebAssembly runtime" or just "WebAssembly runtime" to ".NET WebAssembly" runtime.
• Improve auth state provider docs per Improve documentation for blazor authentication aspnetcore#47490.
• It's desirable to identify whether the request is GET or POST in OnInitialized or OnParametersSetAsync blazor ssr form processing issues aspnetcore#51978
• Review Dynamic and extensible authentication requests for coverage opportunities [Blazor][Wasm] Dynamic and extensible authentication requests aspnetcore#42580 [Blazor] Dynamic authentication requests aspnetcore#42692
• Bias-free communication sweep https://learn.microsoft.com/en-us/style-guide/bias-free-communication
• Noting from a passing message because I don't think we cover it ... Does await base.OnAfterRenderAsync(firstRender); need to be called? No, we try to avoid making people call base on ComponentBase virtual methods. They can call it if they want but it’s a no-op.
• There are some Razor code rendering problems that should be reported.
• Confer with Artak on the correct PU group to add to the dotnet/blazor-samples repo. Check for (and send) empty body on log out post. blazor-samples#136
• Check with Steve on API of last paragraph in https://learn.microsoft.com/en-us/aspnet/core/blazor/components/render-components-outside-of-aspnetcore?view=aspnetcore-8.0.
• Skipping API doc crosslinks for the Routing article because there's a large open PR on it. Circle back to it later.
• Check on "interactive <Router> (or routing or router)" language for cross-links to new guidance in the Fundamentals > Routing article.
• Consider Remove/update enhanced nav remark #31118 (comment) for coverage in 24H1.
• Check AuthorizeView coverage for error/API described in ClientID vs SecretID #31119.
• Check on antiforgery with the new standalone WASM w/Identity article scenario.
• There was no time to update the images for the Lazy load assemblies article. Consider bringing dev tools images back for the Complete example section.
• C#12 primary ctors
• Check on places where the main (non-.Client) project is mentioned for BWAs and confirm that they're all described as the "server project."
• The .Client project really can host interactive server components.
• Preview Blazor scaffolder ... https://devblogs.microsoft.com/dotnet/announcing-asp-net-core-in-dotnet-8/
• For the Standalone WASM w/Identity article+sample: Swap IdentityUser for AppUser -AND- I need to cross-link in the article's remark for "advanced Identity features" to whatever the main doc set is going to have on the subject in the SPA/Identity docs. SPA authentication and authorization doc #31010 (comment)
• Mirror a custom auth state provider section for the WebAssembly security Overview.
• Check on "anti-forgery" vs. "antiforgery" ... the style manual uses "antiforgery" (no hyphen), but Chicago calls for it IIRC. We mostly seem to use the hyphen with it.
• Check again the new guidance on breaking on unhandled exceptions with normal VS in 24Q1. My Preview VS might be funky and not permitting it to work properly. Cross-ref: WASM debug scenario update #30849
• To show and explain anti-request forgery in the File Uploads topic, use some commented-out text held there to enable controller services with AddControllersAndViews and pass the anti-forgery token to the Blazor app (<8.0) or obtain it from the anti-forgery feature (>=8.0) for the POST.
• Check this Graph SDK v5 update #30792 to make sure the v5 code works. I think it will, but it's best to confirm it. I won't check it tho if Philip Reed gets back to me that it worked for him.
• _/this all the things ... Fix naming violations in sample code (_camelCase with underscore for private fields) #30533 (comment)
• Check back in 24Q1 on the doc Razor code formatting problem reported in Incorrect code formatting in Tab.razor example #30157.
• Update for use of C# Dev Kit: https://marketplace.visualstudio.com/items?itemName=ms-dotnettools.csdevkit ... .NET talk is at https://www.youtube.com/watch?v=tFCZw-wZVtg and there's a .NET Conf talk on it Day 1 - 3:45
• Convert the Blazor-EFCore sample app's manual grid to use a GridView.
• I removed the broken VSC guidance on adding the app assets if VSC fails to do it for you. I plan to add them back. Add manual debug/build assets guidance for VSC #30365
• With <NotFound> going away for BWA at 8.0, I think a dedicated bit in the Error handling topic on processing 404s via built-in server middleware makes sense (i.e., UseStatusCodePagesWithRedirects). Be sure to search for it because a cross-link is required in at least one case where I left a NOTE about BWAs not using the Not Found content template any longer.
• Standardize on standalone Blazor WASM, not "static" naming. Swap 'standalone' for 'static' #30373
• Update to cover nonfile pattern with optional route parameters. Faild to load {Assembly}.styles.css with a specific route in .net 8 Blazor Web App aspnetcore#50471 Routing paths with dots aspnetcore#51818 (comment)
• 9.0: [browser] [wasm] Request Streaming upload runtime#91295
• Root-level cascading values followup items: Root-level cascading values 8.0 #30095
• Check on __builder changeover to Razor template. It's versioned 6.0, but the template approach works at 5.0. Find out if it works as far back at 3.1 ... if so, 🔪 the __builder approach for all versions. UPDATE: Confirmed working for all versions. Remove prior reusable RenderFragment approach #30121
• There's poor code highlighting for components across the docs.
• Component param example for How to render a matrix correctly in Blazor? aspnetcore#49945 (comment).
• Check with Mackinnon on the namespace section in the Components overview.
• Check with Mackinnon on the "In components derived from the base class" bit in the DI topic. It doesn't make sense. It might be incorrect.
• Custom ICU creation for WASM didn't make the cut for 8.0. It's scheduled for 9.0 now. [browser][icu] Automate custom icu creation runtime#82908
• "DOM" is ubiquitous at this point. Let's define/explain it once early with a cross-link to MDN and then use "DOM" everywhere. PR: Use abbreviation DOM #29896
• Ask Javier about https://github.com/dotnet/aspnetcore/blob/main/src/Components/test/testassets/BasicTestApp/MarkupBlockComponent.razor#L37C21-L37C37 because we say in the Threat Mitigation topic not to use builder.AddMarkupContent(0, someUserSuppliedString) because it can create an XSS vulnerability.
• Per the discussion at Simple Update for state management #29749, consider a more general demo of a state management service that works across clients/circuits.
• Cross-link Use ASP.NET Core APIs in a class library (<xref:fundamentals/target-aspnetcore>) in the class lib article. Cross-link content #29697
• Discuss Update module import approach #29545 for import/export JS interop with Pavel when he gets back. Done! Possible regression in JavaScript [JSImport]/[JSExport] interop in a Blazor app (.NET 8 Preview 5) runtime#87690 (comment)
• The debugging guidance seems to have regressed, perhaps just for .NET 8 preview. There's no file:// pages for debugging on the client.
• After .NET 8 RTMs, ask Mackinnon to review the code for streaming <textarea> content in a form of Message size limit enhancements #29541. Live
• Blazor docs reference the concept of "reflection" in several spots without reference. Find and cross-link a good reference to these mentions for new-to-programming/new-to-.NET folks. PR: Crosslink 'reflection' to C# Guide #29699
• I think I can recast the size limits JS interop INCLUDE files down to a single block of text for inline use and drop all of the files. PR: Message size limit enhancements #29541
• I wasn't able to resolve Provide examples/references to avoid unauthorized content display during prerendering #29448 with Provide examples of recommendations #29449 because I can't see how the implementation should be applied in the reader's example app to avoid the reported behavior. Will circle around to this subject with Javier after .NET 8 releases.
• Host and deploy ASP.NET Core Blazor WebAssembly might be too long: Split it? Update (7/6): No, I think it's ok ... and it might get shorter after the 8.0 updates.
• Add a NOTE on port discrimination to the Host multiple WASM apps: Domain/Port pivot. Unsafe pattern for port restriction in documentation #29399 PR: Warn on port spoofing via the Host header #29445
• API cross-links for Microsoft.Identity.Web API broke for Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApi. I'm code-fencing the method name for now. Tracking: Missing API for WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions AzureAD/microsoft-identity-web#2265 PR: Restore API cross-links #29473
• Move code examples in sample app and article text links for new topics: element-component-model-relationships.md, overwriting-parameters.md, synchronization-context.md, splat-attributes-and-arbitrary-parameters.md PR: Move code example cross-links in new articles #29437
• Test https://learn.microsoft.com/en-us/aspnet/core/blazor/host-and-deploy/multiple-hosted-webassembly?view=aspnetcore-7.0&pivots=route-subpath#razor-class-library-rcl-support in the subpath routing approach and ping phillip-reed on the PU issue https://github.com/dotnet/aspnetcore/issues/47803
• Move 3.1 and 5.0 samps for the Blazor-SignalR tutorial to the dotnet/blazor-samples repo and update links. PR: Move sample apps to samples repo #29268
• Add nav menu cut-'n-paste snippets for our fully-working demos?
• Revert content (Live content) to a cross-link when Azure Static Web Apps docs get a tutorial/tooling guidance for the new publish from VS gesture. Tracking on Azure docs issue: Document new Blazor WASM SWA VS publishing feature MicrosoftDocs/azure-docs#112013
• Javier should look at my version of subpath hosting multiple WASM apps. UPDATE (7/6): Checking off as a won't-fix (for now) because hosted WASM is going away. We may show something for a Blazor Web App that hosts multiple Blazor WebAssembly apps, and we'll deal with that later as 8.0 updates are processed, but we aren't going to have this article content for >=8.0.
• Confirm NavigateTo uses optional leading forward-slash URLs. Hashed routing to named elements #29106 (comment) Analysis: Looks good, and we have specific guidance on relative app base path scenarios. No action needed. 👍
• Confirm HTML in Razor components receives the razor code language. PR: Code language updates #29210
• Investigate this Artak remark on MIA security remarks: Something wrong with AuthorizationMessageHandler in .net 6 aspnetcore#38486 (comment) UPDATE (5/15): Will wait on this one because the PU issue is triaged for further investigation. UPDATE (7/6): This is currently triaged for 8.0. I'm still monitoring the PU issue.
• Potential notes for base path/relative path behavior in Blazor apps for our App base path coverage: <base href="/" /> or base-tag alternative for Blazor MVC integration. aspnetcore#43191 (comment) PR: Expand lead-in coverage on app base path #29271
• For lifecycle event processing, state the simplification remarks both at the beginning and the end. Blazor lifecycle events for further rendering #28958 PR: Move remark to opening content of article #29022
• Change the QuickGrid example to not show birthdays. https://learn.microsoft.com/en-us/aspnet/core/blazor/components/?view=aspnetcore-7.0#quickgrid-component PR: Blazor QuickGrid coverage enhancements #28767
• Add 'old content' message to Blazor node. Set up for 'old content' alert #28730 PR: Blazor old content alert #28874
• Check on the named HttpClient text and examples for hosted WASM guidance in the Call a web API topic and see if {APP NAME} forms part of the named client. Go with {PROJECT NAME} instead to better match what devs supply to VS on solution creation. PR: Change "app name" placeholder to "project name" #28884
• The convention for middleware proper noun naming slipped in just a few spots over the years. Elevate those to proper nouns. PR: Middleware naming updates #28885
• Check on no "filename" words ... should be "file name" per the style manual. Update filename -> file name #28615
• For consistency with the rest of the Blazor docs, flip "server" and "webassembly" in the {webassembly|server} Blazor script placeholder in the JS interop overview article. PR: Update placeholder #28911
• At some point, we can go with .mjs instead of .js for module files. https://github.com/dotnet/aspnetcore/blob/main/src/Middleware/StaticFiles/src/FileExtensionContentTypeProvider.cs#L178 Do that this year? PR: Add remark on module extension '.mjs' #29023 We'll stick with .js for a while longer.
• I can use the Project Structure doc section for the location of <head> content for Blazor Server to version between _Host.cshtml (not 6.0) and _Layout.cshtml (6.0) with: In the `<head>` markup ([location of `<head>` content](xref:blazor/project-structure#location-of-head-content)), ... Addressed on Location of SignalR client builder #28498. Will pick up remaining updates while removing Whole-topic Versioning from remaining docs.
• Need to keep an 👁️ on WebSockets with Azure Front Door remark in the Blazor Server Threat Mitigation topic. Not supported today, but they might have something 23H1 roll out per https://github.com/MicrosoftDocs/architecture-center/issues/1891#issuecomment-1284754716 and https://feedback.azure.com/d365community/idea/c8b1d257-8a26-ec11-b6e6-000d3a4f0789.
• Additional Blazor Server implementation of AuthenticationStateProvider example (PU Issue): We have one ... a very simple, kind'a unrealistic one. We also now have a notification version of it, so that's good. I just wonder if we should have more of a real-world example of something that devs are commonly having to do with it? Won't fix because the notification example added earlier is a real world scenario for the approach.
• Although I'm working the Security node passes in February, I'm going to handle one item separately after the passes are finished pertaining to handling refresh tokens from Razor components when a request fails (e.g., Give more info about RefreshToken  #26086). Javier said, "... it involves sending a request to the token endpoint of the OIDC/OAuth provider in the same way you do in a web application." The refresh token is available to components via TokenProvider in the current guidance, so it seems that the component calls a server API to hit up the IdP to renew (and get a new refresh token) with an update to the TokenProvider with the new tokens. The component continues processing transparently (re-initiates the web API call that it was making in the first place) after the server-side work. Cross-refs: Miss a strategy to handle the refresh of tokens #19797 (comment)
  • Especially: How to refresh updated Claims without login out #22405 (comment)
  • ... and because it was never built-into the scaffolder to change the default logout page for Blazor Server: Scaffold different logout for Blazor Server Scaffolding#1423 ... OR, alternatively ...
  • XSRF antiforgery token content exists and the component can pass it to the endpoint because I don't think we want to tell devs to decorate server-side endpoints with @attribute [IgnoreAntiforgeryToken], including for logout. The coverage is at: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/scaffold-identity?view=aspnetcore-7.0&tabs=visual-studio#pass-an-xsrf-token-to-the-app
• Per [Blazor][Server] Docs about how to avoid reliance on HTTP Context need to be in a more prominent place #20649 (closed) and [SignalR][Blazor] HttpContext and IHttpContextAccessor #14974 (open), cross-link new SignalR coverage on HttpContext/IHttpContextAccessor to the existing Blazor doc remarks. Addressed by Blazor Server security updates. However, [SignalR][Blazor] HttpContext and IHttpContextAccessor #14974 remains open for a section in the SignalR docs.
• The commented out content of the Forms topic can now point to the upload with image preview section in the File Upload topic. Fixed on Update cross-link/content for image preview #28434.
• Check for consistent forward-slash paths in .NET CLI commands. Determine for other commands if forward-slashes will work in order to use them in as many spots as possible. Checked: All commands use forward slashes. 👍
• Make {APP ASSEMBLY} into {ASSEMBLY NAME} everywhere. Fixed on Change placeholder #28435.
• Convert topics off of Whole-topic Versioning because Version-by-file Versioning has seemingly failed to materialize. This is a many-🌚s effort that will take some time to complete. RESULT: Success! 🎉💃🕺🍻 There's only one article that still uses the approach, Prerender and integrate, which is a complex topic. I'm going to hold off and assess it later because of the extensive updates that we're going to make for .NET 8. If we're going to version this out out at .NET 8 and create a new topic to cover persisting concepts for 8.0+, then I don't think there's a good reason to invest a lot of time (💰) on a topic revision.
• The Startup article doesn't clarify exact use cases for the chaining approach with Blazor.start().then versus the afterStarted approach with a JS initializer. Cross-link JS initializer coverage #28275
• File uploads topic: Fix accessibility of the yes/no icons. Use: <span aria-hidden="true">XXXXX</span><span class="visually-hidden">XXXXX</span> PR: Binding guidance improvements #27991
• Fix accessibility for symbols in other topics (see prior bullet). PR: Symbol accessibility #28873
• Per Steve's .NET Conf talk, shouldn't we briefly cover FileSystem API use in Blazor apps?
• Let's run through the testassets pieces in the framework to see what might be helpful for devs to see in docs. It's a large task tho because there's so much there. This probably can't be worked in 23H1, possibly for 23Q3 tho.
• There's great PU-provided memory leak guidance on Severe blazor server memory leak aspnetcore#43221. Take a look and see if/what could go into docs, possibly even just by linking the PU issue to cover it in the near-term. UPDATE: We have good guidance on this. Additional cross-linking added with some NIT updates on Memory management updates #29770.
• Replace in-text (usually non-working) examples with dotnet/blazor-samples-based, fully working, cut-'n-paste examples. Might be best to create a list on an issue first, then I can work down the list.
• It would probably be nice to create a QuickGrid example that opens and closes a detail record component without losing the page and scroll position of the grid. For context, see Blazor database example's list page is reloaded when coming back from a details page blazor-samples#58.
• I think I need to cross-link https://learn.microsoft.com/en-us/aspnet/core/blazor/security/server/threat-mitigation?view=aspnetcore-7.0#denial-of-service-dos-attacks to the DoS NOTE on message size limit, particularly in the fundamentals signalr config guidance. Fixed on Warn on MaximumReceiveMessageSize #27014.
• Firefox debug support per Firefox support #27411. Check back in 23Q1 on status because there's currently no PU issue to track on. Found out on Is there a Blazor WebAssembly Firefox support issue for tracking? runtime#82290 that CLI support lands for .NET 8. This will now be tracked by the .NET 8 tracking issue.
• Do we want a cascading param state management example? https://learn.microsoft.com/en-us/aspnet/core/blazor/state-management?view=aspnetcore-6.0&pivots=webassembly#additional-approaches-wasm Blazor: In-memory state container as cascading parameter #27296
• Best to have PU 🐈 look over the SignalR-Blazor enhancements for SignalR config (in the SignalR doc and the WASM/Server Host and Deploy docs) and SignalR client logging (in the Logging doc).
• Adopt file-scoped namespaces for 6.0 or later examples and snippet samples. Started for article inline code on File-scoped namespaces #28436. Finished with Implement file-scoped namespaces blazor-samples#70.
• There's about a half-dozen or so cases of using compiler directives around the docs to control code for debug vs. release configs. Confirm that configuration/environment can't manage these cases or that using configuration/environment wouldn't make sense for them. I checked: Usage seems ok in the examples where it appears.
• Ask for review of the new example at Fundamentals > DI > Utility base component classes to manage a DI scope section.
• Chat with Javier about the WHY aspects on MSBuild properties for hosted deployment options #26620 (comment). I'd like to know why the RID works with the MSBuild prop (/p:RuntimeIdentifier={RID} but the self-contained setting doesn't (/p:SelfContained=false).
• Ask about https://docs.microsoft.com/en-us/aspnet/core/blazor/components/dynamiccomponent?view=aspnetcore-6.0 per Update event callback approach #26557. Is this the best way to showcase event callbacks with dymanic components?
• When Document blazor msbuild configuration options docs#27395 is resolved and Mono/WASM MSBuild props are covered, update the cross-links from the targets file to the new official doc. Links can be located on the PR that added them at Mono/WASM MSBuild property guidance #24493.

UE pass tracking

• Scaffolding for Blazor in the main doc set article. The approaches should be evaluated with .NET 7, especially styling Identity pages/views to match the Blazor theme in https://learn.microsoft.com/en-us/aspnet/core/security/authentication/scaffold-identity?view=aspnetcore-7.0&tabs=visual-studio#use-a-custom-layout-with-blazor-app-styles. PR: Blazor scaffold Identity updates #29384
• Components - The Overview topic is getting a bit too long again. Time to look and see if we can split out content into new, smaller sub-topics in this node. This page should be broken up #27811, ASP.NET Core Razor components overview - split out Blazor Custom Elements sections #27931 Also, per does not declare @inject ILogger<FileUpload1> #28452 (comment), I think that bit on the class name of the component being in the Markup section isn't placed well. I think that should roll in with the Namespace section remarks with a section name change, perhaps to Class name and namespace. PRs: There were about four PRs that split out new topics and improved the organization of the overview's content.
• Call a web API from WebAssembly — Although this topic had it's UE pass in '21 on Blazor Call web API UE pass #22410, the web API aspects rely on the main doc set web API article, and churn in the web API doc can break the Blazor experience in this topic. UPDATE (4/6): Made major updates on Call web API article updates #28887, but the updates don't address the focus of this item. I still need to confirm the Todo list API examples work against the server API app from the main doc set article. Issue: Improve the call web API PATCH section #29783 PR: Call web API PATCH section improvements #29784
• Security and Identity — See 👉 Would it be too much to ask to properly explain this #20708, Explain schemes in Blazor WASM security #19807, and AzureADDefaults.JwtBearerAuthenticationScheme vs AzureADDefaults.BearerAuthenticationScheme #19226. I placed an ellipsis in the App component example INCLUDE(s) to cover 6.0 churn. See: Missing code which is generated from project template #23696. Work Add an AAD scenario: authorized client apps for APIs #25026 in this node. There are general remarks and some specific items for AAD/AAD B2C and UserManager/SignInManager at Confusing instructions, Code example cause internal Server error #27279.
  • Check and update scaffolding guidance on styling while I'm at it here. PR: Blazor scaffold Identity updates #29384
  • Overview — Either here or in the Blazor Server Overview: How to refresh updated Claims without login out #22405
  • Blazor Server — Unable to do this with Teams Toolkit #27432
    • Overview — Review, work was done on 👉 Update Blazor Server authentication topics for ASP.NET Core 5.0 #20119 and mention Miss a strategy to handle the refresh of tokens #19797 (comment).
    • Threat mitigation
    • Additional scenarios — Review, work was done on 👉 Update Blazor Server authentication topics for ASP.NET Core 5.0 #20119. Also, see 👉 Provide More Details on "Common Services" #22122.
  • Blazor WebAssembly
    • Overview
    • Standalone with Authentication library — See 👉 Blazor std-alone oidc authorization not requesting prompt #21510, Blazor standalone oidc authorization not requesting prompt aspnetcore#30068, "offline_access" scope with AddOidcAuthentication? #23712
    • Standalone with Microsoft Accounts: See This page does not describe authentication with "MS Account" #21816
    • Standalone with AAD
    • Standalone with AAD B2C — "custom user flows" language Can't log in or create account or reset password #21144. Take a look at signup-signin Azure UI per Blazor WASM AADB2C template fetchdata failed due to The issuer '(null)' is invalid aspnetcore#39401 (comment). Note to readers that B2C with Graph API isn't supported.
    • Hosted with AAD — See 👉 Question/Clarification wanted for Blazor WebAssembly Azure AD Setup Documentation #21983, Web is not the default if you create new app #26165
    • Hosted with AAD B2C — "custom user flows" language Can't log in or create account or reset password #21144; see 👉 Critical error out of the box. #21640. Take a look at signup-signin Azure UI per Blazor WASM AADB2C template fetchdata failed due to The issuer '(null)' is invalid aspnetcore#39401 (comment). Take a look at an edge case for wanting the id token in spite of the default code flow: Error retrieving the current token in a Blazor application after successful authentication in Azure B2C with Msal aspnetcore#39311 (comment) w/addl discussion at Error retrieving the current token in a Blazor application after successful authentication with Oidc client aspnetcore#41873 ... I don't think that we'll cover it, but take a look, especially if MS IdP/MSAL/Azure docs cover it and it can be cross-linked (and this assumes that we're even keeping this topic in the first place. It might get the 🔪.) Note to readers that B2C with Graph API isn't supported directly ... the host ASP.NET Core app can expose Graph API via web API calls.
    • Hosted with Identity Server — See 👉 Can't find certificate in store when deploy in production. #21842 and also see CAN'T DEPLOY BLAZOR WASM ON AZURE #22753 (Was it just VS not creating the project with the correct Identity config to run OOB when deployed to Azure directly from VS?) Consider splitting out custom domains from IdS, and check on the B1 requirement IdS-only scnearios (it might not be a requirement in that case). See 👉 Confirm hosted Blazor IdS AKV certificate access guidance #24067 (comment). If the doc doesn't already say that DP must be configured for automatic key management, make it say that and cross-link to the main doc set doc section (see: Add section about setting up the IdentityServer key in prodution #27989 (comment)).
    • Graph API: Update for Graph SDK 5.0 #28573
    • Additional scenarios - Look for split-out opportunities. Possibly add an introductory ToC with section descriptions. Consider if the Unauthenticated or unauthorized web API requests in an app with a secure default client section could be better cross-linked/mentioned explicitly in the individual WASM security topics (Blazor Server Authorize Attribute #22217 and Additional HTTP client reference in note section #22220). Consider making an INCLUDE out of the prerendering guidance and shooting a copy of that into the Prerendering and Integration topic (Add Blazor hosted WASM prerendering steps when using Azure Ad authentication #23441). Check on the "outgoing HttpResponseMessage" language in the API doc, per discussion at Confusing AuthorizationMessageHandler remark #26739 (and respond back on that issue with the final answer from the PU).
  • Content Security Policy
• Debug WebAssembly — Resolve 👉 Something is missing in this instructions on how to debug a Blazor Webassembly hosted. #23373 ... and we'll probably need to show full files everywhere we refer to tasks.json/launch.json due to Errors when running .net generate assets to build .vscode folder vscode-csharp#4542. See 👉 small clarification #23777
• WebAssembly native dependencies
• Test components - Specifically, let's consider hosting example component tests for WASM and Server (TestServer). Missing example on how to use TestServer with ASP.NET 6 #25263
• Progressive Web Applications — See 👉 Blazor SPA PWA offline auth #21100
• Host and deploy: Apache for hosted WASM/sub-app scenarios might need more work. See 👉 Blazor Linux hosting #24519 (comment).
  • Overview — Perhaps for Routing, too, but clarify the navigation behavior of NavigationManager.NavigateTo. See :point-right: Use relative path in NavigateTo #22146 (comment).
  • Blazor Server — See 👉 Publishing Blazor to IIS from Visual Studio #21226
  • Blazor WebAssembly — See 👉 Revert to minified Google Brotli script in Blazor WASM hosting #19979 and Virus Detected! #21829 (comment) and validate web.config post PR Remove .wasm file extension before redefining it #24950 and in light of discussion on https://stackoverflow.com/a/69888016 and https://stackoverflow.com/a/70967738. Probably add a tagged SO filter link: https://stackoverflow.com/questions/tagged/blazor+iis+compression
  • WebAssembly deployment layout
• Blazor Server and EF Core — Consider using the QuickGrid now that it's a supported part of the framework.
• External to the Blazor node: Scaffolding topic sections that pertain to Blazor — See 👉 Blazor and jwt problems with Scaffold Identity #8434 (comment) UPDATE (7/17): This was addressed on a couple of PRs (e.g., Blazor scaffold Identity updates #29384).

SEPARATE WORK ITEM FOR SECURITY NODE

• Consider a topic on Azure Functions with Blazor WASM+AAD/B2C: My understanding is that it was NOT possible ... at least for B2C (perhaps AAD always worked). See Blazor Webassembly (standalone) does not work with v2.0 endpoints aspnetcore#35794 (comment). That discussion occurred back in August, 2021, so things may have improved by now for B2C/WASM/AF. Not needed: This is a widely-adopted scenario at this point. Apparently, the Azure FN docs cover the basics for SPA use. There is/was a small problem with auth, but it was/is well-discussed in the Azure FN doc issues. Otherwise, there are plenty of blog posts out there. I don't think we need special coverage.

UE pass tracking

New topics added recently that haven't had the 🦖 Rex Treatment™ 🦖 ... or at least haven't had a pass for a few years ...

• Blazor Server and EF Core
• Multiple hosted WASM apps article
• Debug WASM article
• Call web API topic: I'd like to divorce this from the main doc set's web API article in favor of a small Minimal APIs-based web API app for the experiences in the topic. I think churn on the main doc set article may have broken the cut-'n-paste, fully working examples that I have. I either need to update the examples to match the latest guidance in the web API article or place a dedicated app example in this topic, and I favor the latter because of on-going web API article churn ... this is a fragile 💥 setup because I don't maintain both articles.
• File Uploads article
• File Downloads article
• Test article
• PWA article
• Performance best practices article
• State Management article
• Virtualization article: Blazor Virtualize Docs Are Confusing #27537
• Blazor Hybrid
  • Overview
  • Tutorials
    • Overview
    • .NET MAUI
    • Windows Forms
    • WPF
  • Routing and navigation
  • Static files
  • Dev Tools
  • Reuse components