From cad29d19609d689299438d2b3ff02b958f5066a0 Mon Sep 17 00:00:00 2001 From: Stephen Halter Date: Tue, 25 Nov 2025 13:15:30 -0800 Subject: [PATCH 1/3] Enhance security guidance for static SSR in Blazor Added information about configuring CookieAuthenticationOptions for handling unauthorized requests during static SSR. --- aspnetcore/blazor/security/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/blazor/security/index.md b/aspnetcore/blazor/security/index.md index 3a820c5ffc9b..765c6d8f30de 100644 --- a/aspnetcore/blazor/security/index.md +++ b/aspnetcore/blazor/security/index.md @@ -1201,7 +1201,7 @@ Although the :::moniker range=">= aspnetcore-8.0" -Razor components of Blazor Web Apps never display `` content when authorization fails server-side during static server-side rendering (static SSR). The server-side ASP.NET Core pipeline processes authorization on the server. Use server-side techniques to handle unauthorized requests. For more information, see . +Razor components of Blazor Web Apps never display `` content when authorization fails server-side during static server-side rendering (static SSR). The server-side ASP.NET Core pipeline processes authorization on the server. Use server-side techniques like configuring to handle unauthorized requests. For more information, see . :::moniker-end From 64c9a6fb2478215a52dad929c075ac6796748515 Mon Sep 17 00:00:00 2001 From: Luke Latham <1622880+guardrex@users.noreply.github.com> Date: Tue, 25 Nov 2025 16:19:59 -0500 Subject: [PATCH 2/3] Apply suggestions from code review --- aspnetcore/blazor/security/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/blazor/security/index.md b/aspnetcore/blazor/security/index.md index 765c6d8f30de..42b070547755 100644 --- a/aspnetcore/blazor/security/index.md +++ b/aspnetcore/blazor/security/index.md @@ -1201,7 +1201,7 @@ Although the :::moniker range=">= aspnetcore-8.0" -Razor components of Blazor Web Apps never display `` content when authorization fails server-side during static server-side rendering (static SSR). The server-side ASP.NET Core pipeline processes authorization on the server. Use server-side techniques like configuring to handle unauthorized requests. For more information, see . +Razor components of Blazor Web Apps never display `` content when authorization fails server-side during static server-side rendering (static SSR). The server-side ASP.NET Core pipeline processes authorization on the server. Use server-side techniques, such as configuring to handle unauthorized requests. For more information, see . :::moniker-end From 9457b727a2e6050242bf331fd9482af042d2ad0c Mon Sep 17 00:00:00 2001 From: Luke Latham <1622880+guardrex@users.noreply.github.com> Date: Tue, 25 Nov 2025 16:25:44 -0500 Subject: [PATCH 3/3] Fix reference to CookieAuthenticationOptions in documentation --- aspnetcore/blazor/security/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/blazor/security/index.md b/aspnetcore/blazor/security/index.md index 42b070547755..083f29812e25 100644 --- a/aspnetcore/blazor/security/index.md +++ b/aspnetcore/blazor/security/index.md @@ -1201,7 +1201,7 @@ Although the :::moniker range=">= aspnetcore-8.0" -Razor components of Blazor Web Apps never display `` content when authorization fails server-side during static server-side rendering (static SSR). The server-side ASP.NET Core pipeline processes authorization on the server. Use server-side techniques, such as configuring to handle unauthorized requests. For more information, see . +Razor components of Blazor Web Apps never display `` content when authorization fails server-side during static server-side rendering (static SSR). The server-side ASP.NET Core pipeline processes authorization on the server. Use server-side techniques, such as configuring to handle unauthorized requests. For more information, see . :::moniker-end