dotnet · guardrex · Mar 25, 2025 · Mar 25, 2025 · Mar 25, 2025 · Mar 25, 2025
diff --git a/aspnetcore/blazor/images-and-documents.md b/aspnetcore/blazor/images-and-documents.md
@@ -157,8 +157,8 @@ The following `ShowImage2` component:
 
 The following `ShowFile` component loads either a text file (`files/quote.txt`) or a PDF file (`files/quote.pdf`) into an [`<iframe>` element](https://developer.mozilla.org/docs/Web/HTML/Element/iframe).
 
-> [!CAUTION]
-> ⚠️ Use of the `<iframe>` element in the following example is safe and doesn't require [sandboxing](https://developer.mozilla.org/docs/Web/HTML/Element/iframe#sandbox) because content is loaded from the app, which is a trusted source.
+> [!WARNING]
+> Use of the `<iframe>` element in the following example is safe and doesn't require [sandboxing](https://developer.mozilla.org/docs/Web/HTML/Element/iframe#sandbox) because content is loaded from the app, which is a trusted source.
 >
 > When loading content from an untrusted source or user input, an improperly implemented `<iframe>` element risks creating security vulnerabilities.
 

diff --git a/aspnetcore/blazor/security/blazor-web-app-with-entra.md b/aspnetcore/blazor/security/blazor-web-app-with-entra.md
@@ -120,7 +120,7 @@ The following specification is covered:
 
 For more information on .NET Aspire, see [General Availability of .NET Aspire: Simplifying .NET Cloud-Native Development (May, 2024)](https://devblogs.microsoft.com/dotnet/dotnet-aspire-general-availability/).
 
-## Prerequisite
+## Prerequisites
 
 [.NET Aspire](/dotnet/aspire/get-started/aspire-overview) requires [Visual Studio](https://visualstudio.microsoft.com/) version 17.10 or later.
 

diff --git a/aspnetcore/blazor/security/blazor-web-app-with-oidc.md b/aspnetcore/blazor/security/blazor-web-app-with-oidc.md
@@ -453,7 +453,7 @@ The following specification is covered:
 
 For more information on .NET Aspire, see [General Availability of .NET Aspire: Simplifying .NET Cloud-Native Development (May, 2024)](https://devblogs.microsoft.com/dotnet/dotnet-aspire-general-availability/).
 
-## Prerequisite
+## Prerequisites
 
 [.NET Aspire](/dotnet/aspire/get-started/aspire-overview) requires [Visual Studio](https://visualstudio.microsoft.com/) version 17.10 or later.
 

diff --git a/aspnetcore/blazor/security/content-security-policy.md b/aspnetcore/blazor/security/content-security-policy.md
@@ -166,7 +166,7 @@ Blazor Web Apps (.NET 8 or later) automatically include a response header settin
 Content-Security-Policy: frame-ancestors 'self'
 ```
 
-To change the default value to the more restrictive `'none'` and prevent all parents from embedding the app, set the <xref:Microsoft.AspNetCore.Components.Server.ServerComponentsEndpointOptions.ContentSecurityFrameAncestorsPolicy%2A> option in the call to <xref:Microsoft.AspNetCore.Builder.ServerRazorComponentsEndpointConventionBuilderExtensions.AddInteractiveServerRenderMode%2A> in the `Program` file. The following only takes effect when WebSocket compression is enabled (`<xref:Microsoft.AspNetCore.Components.Server.ServerComponentsEndpointOptions.ConfigureWebSocketAcceptContext%2A>` is set, which is the default for Blazor apps).
+To change the default value to the more restrictive `'none'` and prevent all parents from embedding the app, set the <xref:Microsoft.AspNetCore.Components.Server.ServerComponentsEndpointOptions.ContentSecurityFrameAncestorsPolicy%2A> option in the call to <xref:Microsoft.AspNetCore.Builder.ServerRazorComponentsEndpointConventionBuilderExtensions.AddInteractiveServerRenderMode%2A> in the `Program` file. The following only takes effect when WebSocket compression is enabled (<xref:Microsoft.AspNetCore.Components.Server.ServerComponentsEndpointOptions.ConfigureWebSocketAcceptContext> is set, which is the default for Blazor apps).
 
 ```csharp
 .AddInteractiveServerRenderMode(o => o.ContentSecurityFrameAncestorsPolicy = "'none'")
@@ -399,8 +399,8 @@ Subresource Integrity (SRI) enables browsers to confirm that fetched resources a
 
 In the following example for a Blazor Server app, an integrity is calculated using a third-party tool and specified for the Blazor script (`blazor.server.js`) and CSP. The Blazor script doesn't dynamically change in this scenario and has a stable SHA hash, so you can hardcode the `integrity` attribute's value.
 
-> [!CAUTION]
-> ⚠️ Set the [`crossorigin` attribute](https://developer.mozilla.org/docs/Web/HTML/Attributes/crossorigin) on a subresource that's loaded from a different origin without [Cross-Origin Resource Sharing (CORS)](xref:security/cors). If the app's origin is different from where a subresource loads, an `Access-Control-Allow-Origin` header is required that allows the resource to be shared with the requesting origin *or else* the `crossorigin` attribute must be applied to the subresource's tag in the app. Otherwise, the browser adopts the 'fail-open' policy for the subresource, which means the subresource is loaded without checking its integrity.
+> [!WARNING]
+> Set the [`crossorigin` attribute](https://developer.mozilla.org/docs/Web/HTML/Attributes/crossorigin) on a subresource that's loaded from a different origin without [Cross-Origin Resource Sharing (CORS)](xref:security/cors). If the app's origin is different from where a subresource loads, an `Access-Control-Allow-Origin` header is required that allows the resource to be shared with the requesting origin *or else* the `crossorigin` attribute must be applied to the subresource's tag in the app. Otherwise, the browser adopts the 'fail-open' policy for the subresource, which means the subresource is loaded without checking its integrity.
 >
 > The `crossorigin` attribute isn't added to the Blazor `<script>` tag in the following example because the Blazor script is loaded from the app's origin.
 >

diff --git a/aspnetcore/blazor/tutorials/movie-database-app/part-7.md b/aspnetcore/blazor/tutorials/movie-database-app/part-7.md
@@ -358,8 +358,8 @@ To delete all of the records in the database, use one of the following approache
 
 :::zone-end
 
-> [!CAUTION]
-> ⚠️ Use extreme caution when deleting records from a database. Deleting records is permanent without taking additional data loss mitigation steps. Production databases often provision automatic backup copies of data, either instantaneously as the database is modified or periodically, including with off-site copies and permanent physical storage of data.
+> [!WARNING]
+> Use extreme caution when deleting records from a database. Deleting records is permanent without taking additional data loss mitigation steps. Production databases often provision automatic backup copies of data, either instantaneously as the database is modified or periodically, including with off-site copies and permanent physical storage of data.
 
 After deleting all of the records, run the app. The initializer reseeds the database and includes the correct movie ratings for the `Rating` field based on the seeding code.
 

diff --git a/aspnetcore/fundamentals/openapi/include-metadata.md b/aspnetcore/fundamentals/openapi/include-metadata.md
@@ -379,10 +379,9 @@ When not specified by an attribute:
 * the schema for the response body of 3xx and 5xx responses is considered to be not specified,
 * the content-type for the response body can be inferred from the return type of the action method and the set of output formatters.
 
-Note that there are no compile-time checks to ensure that the response metadata specified with a [`[ProducesResponseType]`](xref:Microsoft.AspNetCore.Mvc.ProducesResponseTypeAttribute) attribute is consistent with the actual behavior of the action method,
-which may return a different status code or response body type than specified by the metadata.
+By default, there are no compile-time checks to ensure that the response metadata specified with a [`[ProducesResponseType]` attribute](xref:Microsoft.AspNetCore.Mvc.ProducesResponseTypeAttribute) is consistent with the actual behavior of the action method, which may return a different status code or response body type than specified by the metadata. To enable these checks, [enable Web API analyzers](xref:web-api/advanced/analyzers).
 
-In controller-based apps, ASP.NET responds with a ProblemDetails response type when model validation fails or when the action method returns a result with a 4xx or 5xx HTTP status code. Validation errors typically use the 400 status code, so you can use the [`[ProducesResponseType]`](xref:Microsoft.AspNetCore.Mvc.ProducesResponseTypeAttribute) attribute to specify the error response for an action, as shown in the following example:
+In controller-based apps, ASP.NET responds with a ProblemDetails response type when model validation fails or when the action method returns a result with a 4xx or 5xx HTTP status code. Validation errors typically use the 400 status code, so you can use the [`[ProducesResponseType]` attribute](xref:Microsoft.AspNetCore.Mvc.ProducesResponseTypeAttribute) to specify the error response for an action, as shown in the following example:
 
 ```csharp
 [HttpPut("/todos/{id}")]
@@ -541,7 +540,7 @@ public enum DayOfTheWeekAsString
 }
 ```
 
-A special case is when an enum type has the [Flags] attribute, which indicates that the enum can be treated as a bit field; that is, a set of flags. A flags enum with a [JsonConverterAttribute] will be defined as `type: string` in the generated schema with no `enum` property, since the value could be any combination of the enum values. For example, the following enum:
+A special case is when an enum type has the `[Flags]` attribute, which indicates that the enum can be treated as a bit field; that is, a set of flags. A flags enum with a `[JsonConverterAttribute]` is defined as `type: string` in the generated schema with no `enum` property, since the value could be any combination of the enum values. For example, the following enum:
 
 ```csharp
 [Flags, JsonConverter(typeof(JsonStringEnumConverter<PizzaToppings>))]

diff --git a/aspnetcore/signalr/client-features.md b/aspnetcore/signalr/client-features.md
@@ -29,18 +29,18 @@ The 1.x versions of SignalR map to the 2.1 and 2.2 .NET Core releases and have t
 
 The table below shows the features and support for the clients that offer real-time support. For each feature, the *minimum* version supporting this feature is listed. If no version is listed, the feature isn't supported.
 
-| Feature | Server | .NET client | JavaScript client | Java client |
-| ---- | :-: | :-: | :-: | :-: |
-| Azure SignalR Service Support |2.1.0|1.0.0|1.0.0|1.0.0|
-| [Server-to-client Streaming](xref:signalr/streaming)          |2.1.0|1.0.0|1.0.0|1.0.0|
-| [Client-to-server Streaming](xref:signalr/streaming)          |3.0.0|3.0.0|3.0.0|3.0.0|
-| Automatic Reconnection ([.NET](xref:signalr/dotnet-client#handle-lost-connection), [JavaScript](xref:signalr/javascript-client#reconnect-clients))          |3.0.0|3.0.0|3.0.0|❌|
-| WebSockets Transport |2.1.0|1.0.0|1.0.0|1.0.0|
-| Server-Sent Events Transport |2.1.0|1.0.0|1.0.0|❌|
-| Long Polling Transport |2.1.0|1.0.0|1.0.0|3.0.0|
-| JSON Hub Protocol |2.1.0|1.0.0|1.0.0|1.0.0|
-| MessagePack Hub Protocol |2.1.0|1.0.0|1.0.0|5.0.0|
-| Client Results |7.0.0|7.0.0|7.0.0|7.0.0|
+| Feature | Server | .NET client | JavaScript client | Java client | Swift client |
+| ---- | :-: | :-: | :-: | :-: | :-: |
+| Azure SignalR Service Support |2.1.0|1.0.0|1.0.0|1.0.0|1.0.0-preview.1|
+| [Server-to-client Streaming](xref:signalr/streaming)          |2.1.0|1.0.0|1.0.0|1.0.0|1.0.0-preview.1|
+| [Client-to-server Streaming](xref:signalr/streaming)          |3.0.0|3.0.0|3.0.0|3.0.0|❌|
+| Automatic Reconnection ([.NET](xref:signalr/dotnet-client#handle-lost-connection), [JavaScript](xref:signalr/javascript-client#reconnect-clients))          |3.0.0|3.0.0|3.0.0|❌|1.0.0-preview.1|
+| WebSockets Transport |2.1.0|1.0.0|1.0.0|1.0.0|1.0.0-preview.1|
+| Server-Sent Events Transport |2.1.0|1.0.0|1.0.0|❌|1.0.0-preview.1|
+| Long Polling Transport |2.1.0|1.0.0|1.0.0|3.0.0|1.0.0-preview.1|
+| JSON Hub Protocol |2.1.0|1.0.0|1.0.0|1.0.0|1.0.0-preview.1|
+| MessagePack Hub Protocol |2.1.0|1.0.0|1.0.0|5.0.0|1.0.0-preview.1|
+| Client Results |7.0.0|7.0.0|7.0.0|7.0.0|1.0.0-preview.1|
 
 Support for enabling additional client features is tracked in [our issue tracker](https://github.com/dotnet/AspNetCore/issues).
 

diff --git a/aspnetcore/signalr/supported-platforms.md b/aspnetcore/signalr/supported-platforms.md
@@ -39,11 +39,15 @@ If the server runs IIS, the WebSockets transport requires IIS 8.0 or later on Wi
 
 The [Java client](xref:signalr/java-client) supports Java 8 and later versions.
 
+## Swift client
+
+The [Swift client](https://github.com/dotnet/signalr-client-swift) supports Swift >= 5.10
+
 ## Unsupported clients
 
 The following clients are available but are experimental or unofficial. The following clients aren't currently supported and may never be supported:
 
 * [C++ client](https://github.com/aspnet/SignalR-Client-Cpp)
-* [Swift client](https://github.com/moozzyk/SignalR-Client-Swift)
+* [3rd party Swift client](https://github.com/moozzyk/SignalR-Client-Swift)
 
 [!INCLUDE[](~/includes/SignalR/es6.md)]