Draft - Exception handler, pipe reader, top-level domain (#35928)

* draft

* typo

* h2-->h3

* Remove assignment info

* typo

Author: tdykstra

aspnetcore/release-notes/aspnetcore-10.0.md

@@ -88,6 +88,12 @@ For more information, see <xref:log-mon/metrics/built-in#microsoftaspnetcoreauth
 
 This section describes miscellaneous new features in .NET 10.
 
+[!INCLUDE[](~/release-notes/aspnetcore-10/includes/exception-handler.md)]
+
+[!INCLUDE[](~/release-notes/aspnetcore-10/includes/top-level-domain.md)]
+
+[!INCLUDE[](~/release-notes/aspnetcore-10/includes/pipe-reader.md)]
+
 [!INCLUDE[](~/release-notes/aspnetcore-10/includes/memory-eviction.md)]
 
 [!INCLUDE[](~/release-notes/aspnetcore-10/includes/httpsys.md)]

aspnetcore/release-notes/aspnetcore-10/includes/exception-handler.md

@@ -0,0 +1,18 @@
+### Configure suppressing exception handler diagnostics
+
+A new configuration option has been added to the [ASP.NET Core exception handler middleware](https://learn.microsoft.com/aspnet/core/fundamentals/error-handling#exception-handler-page)  to control diagnostic output: `ExceptionHandlerOptions.SuppressDiagnosticsCallback`. This callback is passed context about the request and exception, allowing you to add logic that determines whether the middleware should write exception logs and other telemetry.
+
+This setting is useful when you know an exception is transient or has been handled by the exception handler middleware, and don't want error logs written to your observability platform.
+
+Additionally, the middleware's default behavior has changed: it no longer writes exception diagnostics for exceptions handled by `IExceptionHandler`. Based on user feedback, logging handled exceptions at the error level was often undesirable when `IExceptionHandler.TryHandleAsync` returned `true`.
+
+You can revert to the previous behavior by configuring `SuppressDiagnosticsCallback`:
+
+```csharp
+app.UseExceptionHandler(new ExceptionHandlerOptions
+{
+    SuppressDiagnosticsCallback = context => false;
+});
+```
+
+For more information about this breaking change, see https://github.com/aspnet/Announcements/issues/524.

aspnetcore/release-notes/aspnetcore-10/includes/pipe-reader.md

@@ -0,0 +1,37 @@
+### Json+PipeReader deserialization support in MVC and Minimal
+
+PR: https://github.com/dotnet/aspnetcore/pull/62895
+
+See https://github.com/dotnet/core/blob/dotnet10-p7-libraries/release-notes/10.0/preview/preview7/libraries.md#pipereader-support-for-json-serializer
+
+MVC, Minimal APIs, and the `HttpRequestJsonExtensions.ReadFromJsonAsync` methods have all been updated to use the new Json+PipeReader support without requiring any code changes from applications.
+
+For the majority of applications this should have no impact on behavior. However, if the application is using a custom `JsonConverter`, there is a chance that the converter doesn't handle [Utf8JsonReader.HasValueSequence](https://learn.microsoft.com/dotnet/api/system.text.json.utf8jsonreader.hasvaluesequence) correctly. This can result in missing data and errors like `ArgumentOutOfRangeException` when deserializing.
+
+The quick workaround (especially if you don't own the custom `JsonConverter` being used) is to set the `"Microsoft.AspNetCore.UseStreamBasedJsonParsing"` [AppContext](https://learn.microsoft.com/dotnet/api/system.appcontext?view=net-9.0) switch to `"true"`. This should be a temporary workaround and the `JsonConverter`(s) should be updated to support `HasValueSequence`.
+
+To fix `JsonConverter` implementations, there is the quick fix which allocates an array from the `ReadOnlySequence` and would look something like:
+```csharp
+public override T? Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
+{
+    var span = reader.HasValueSequence ? reader.ValueSequence.ToArray() : reader.ValueSpan;
+    // previous code
+}
+```
+
+Or the more complicated (but performant) fix which would involve having a separate code path for the `ReadOnlySequence` handling:
+```csharp
+public override T? Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
+{
+    if (reader.HasValueSequence)
+    {
+        reader.ValueSequence;
+        // ReadOnlySequence optimized path
+    }
+    else
+    {
+        reader.ValueSpan;
+        // ReadOnlySpan optimized path
+    }
+}
+```

aspnetcore/release-notes/aspnetcore-10/includes/top-level-domain.md

@@ -0,0 +1,41 @@
+### Support for the .localhost Top-Level Domain
+
+The `.localhost` top-level domain (TLD) is defined in [RFC2606](https://www.rfc-editor.org/rfc/rfc2606) and [RFC6761](https://www.rfc-editor.org/rfc/rfc6761) as being reserved for testing purposes and available for users to use locally as they would any other domain name. This means using a name like `myapp.localhost` locally that resolves to the IP loopback address is allowed and expected according to these RFCs. Additionally, modern evergreen browsers already automatically resolve any `*.localhost` name to the IP loopback address (`127.0.0.1`/`::1`), effectively making them an alias for any service already being hosted at `localhost` on the local machine, i.e. any service responding to `http://localhost:6789` will also respond to `http://anything-here.localhost:6789`, assuming no further specific hostname verification or enforcement is being performed by the service.
+
+ASP.NET Core has been updated in .NET 10 preview 7 to better support the `.localhost` TLD, such that it can now be easily used when creating and running ASP.NET Core applications in your local development environment. Having different apps running locally be resolvable via different names allows for better separation of some domain-name-associated website assets, e.g. cookies, and makes it easier to identify which app you're browsing via the name displayed in the browser address bar.
+
+ASP.NET Core's built-in HTTP server, Kestrel, will now correctly treat any `*.locahost` name set via [supported endpoint configuration mechanisms](https://learn.microsoft.com/aspnet/core/fundamentals/servers/kestrel/endpoints#configure-endpoints) as the local loopback address and thus bind to it rather than all external address (i.e. bind to `127.0.0.1`/`::1` rather than `0.0.0.0`/`::`). This includes the `"applicationUrl"` property in [launch profiles configured in a *launchSettings.json* file](https://learn.microsoft.com/aspnet/core/fundamentals/environments#development-and-launchsettingsjson), and the `ASPNETCORE_URLS` environment variable. When configured to listen on a `.localhost` address, Kestrel will log an information message for both the `.localhost` **and** `localhost` addresses, to make it clear that both names can be used.
+
+*Note that while web browsers will automatically resolve `*.localhost` names to the local loopback address, other applications may treat `*.localhost` names as a regular domain names and attempt to resolve them via their corresponding DNS stack. If your DNS configuration does not resolve `*.localhost` names to an address then they will fail to connect. You can continue to use the regular `localhost` name to address your applications when not in a web browser.*
+
+The [ASP.NET Core HTTPS development certificate](https://learn.microsoft.com/aspnet/core/security/enforcing-ssl#trust-the-aspnet-core-https-development-certificate) (including the `dotnet dev-certs https` command) have been updated to ensure the certificate is valid for use with the `*.dev.localhost` domain name. After installing .NET 10 SDK preview 7, trust the new developer certificate by running `dotnet dev-certs https --trust` at the command line to ensure your system is configured to trust the new certificate.
+
+*Note that the certificate lists the `*.dev.localhost` name as a Subject Alternative Name (SAN) rather than `*.localhost` as it's invalid to have wildcard certificates for top-level domain names*
+
+The project templates for *ASP.NET Core Empty* (`web`) and *Blazor Web App* (`blazor`) have been updated with a new option that when specified configures the created project to use the `.dev.localhost` domain name suffix, combining it with the project name to allow the app to be browsed to at an address like `https://myapp.dev.localhost:5036`:
+
+```
+$ dotnet new web -n MyApp --localhost-tld
+The template "ASP.NET Core Empty" was created successfully.
+
+Processing post-creation actions...
+Restoring D:\src\MyApp\MyApp.csproj:
+Restore succeeded.
+
+$ cd .\MyApp\
+$ dotnet run --launch-profile https
+info: Microsoft.Hosting.Lifetime[14]
+      Now listening on: https://myapp.dev.localhost:7099
+info: Microsoft.Hosting.Lifetime[14]
+      Now listening on: https://localhost:7099/
+info: Microsoft.Hosting.Lifetime[14]
+      Now listening on: http://myapp.dev.localhost:5036
+info: Microsoft.Hosting.Lifetime[14]
+      Now listening on: http://localhost:5036/
+info: Microsoft.Hosting.Lifetime[0]
+      Application started. Press Ctrl+C to shut down.
+info: Microsoft.Hosting.Lifetime[0]
+      Hosting environment: Development
+info: Microsoft.Hosting.Lifetime[0]
+      Content root path: D:\src\local\10.0.1xx\MyApp
+```