dotnet
diff --git a/‎.github/CODEOWNERS
Lines changed: 12 additions & 15 deletions b/‎.github/CODEOWNERS
Lines changed: 12 additions & 15 deletions
diff --git a/‎.github/workflows/markdownlint-problem-matcher.json
Lines changed: 0 additions & 17 deletions b/‎.github/workflows/markdownlint-problem-matcher.json
Lines changed: 0 additions & 17 deletions
diff --git a/‎.github/workflows/markdownlint.yml
Lines changed: 0 additions & 26 deletions b/‎.github/workflows/markdownlint.yml
Lines changed: 0 additions & 26 deletions
diff --git a/‎eng/Publishing.props
Lines changed: 1 addition & 0 deletions b/‎eng/Publishing.props
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Components/Endpoints/src/RazorComponentEndpointInvoker.cs
Lines changed: 11 additions & 0 deletions b/‎src/Components/Endpoints/src/RazorComponentEndpointInvoker.cs
Lines changed: 11 additions & 0 deletions
diff --git a/‎src/Components/test/E2ETest/ServerRenderingTests/StreamingRenderingTest.cs
Lines changed: 18 additions & 2 deletions b/‎src/Components/test/E2ETest/ServerRenderingTests/StreamingRenderingTest.cs
Lines changed: 18 additions & 2 deletions
diff --git a/‎src/DataProtection/DataProtection/src/DataProtectionServiceCollectionExtensions.cs
Lines changed: 2 additions & 0 deletions b/‎src/DataProtection/DataProtection/src/DataProtectionServiceCollectionExtensions.cs
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/DataProtection/DataProtection/src/Internal/KeyManagementOptionsPostSetup.cs
Lines changed: 117 additions & 0 deletions b/‎src/DataProtection/DataProtection/src/Internal/KeyManagementOptionsPostSetup.cs
Lines changed: 117 additions & 0 deletions
diff --git a/‎src/DataProtection/DataProtection/src/LoggingExtensions.cs
Lines changed: 12 additions & 0 deletions b/‎src/DataProtection/DataProtection/src/LoggingExtensions.cs
Lines changed: 12 additions & 0 deletions
@@ -10,7 +10,7 @@
 /.vscode/                                                                         @captainsafia
 /.github/                                                                         @dotnet/aspnet-build @wtgodbe
 /.github/*_TEMPLATE/                                                              @dotnet/aspnet-build @wtgodbe @mkArtakMSFT
-/.github/workflows/                                                               @dotnet/aspnet-build @wtgodbe @tratcher
+/.github/workflows/                                                               @dotnet/aspnet-build @wtgodbe
 /docs/                                                                            @captainsafia @mkArtakMSFT
 /eng/                                                                             @dotnet/aspnet-build @wtgodbe
 /eng/common/                                                                      @dotnet-maestro-bot
@@ -21,34 +21,31 @@
 /src/Caching/**/PublicAPI.*Shipped.txt                                            @dotnet/aspnet-api-review @captainsafia @halter73 @mgravell
 /src/Components/                                                                  @dotnet/aspnet-blazor-eng
 /src/Components/**/PublicAPI.*Shipped.txt                                         @dotnet/aspnet-api-review @dotnet/aspnet-blazor-eng
-/src/DefaultBuilder/                                                              @tratcher @halter73
-/src/DefaultBuilder/**/PublicAPI.*Shipped.txt                                     @dotnet/aspnet-api-review @tratcher
+/src/DefaultBuilder/                                                              @halter73
+/src/DefaultBuilder/**/PublicAPI.*Shipped.txt                                     @dotnet/aspnet-api-review
 /src/Grpc/                                                                        @JamesNK @captainsafia @mgravell
 /src/Grpc/**/PublicAPI.*Shipped.txt                                               @dotnet/aspnet-api-review @JamesNK @captainsafia @mgravell
-/src/Hosting/                                                                     @tratcher @halter73
-/src/Hosting/**/PublicAPI.*Shipped.txt                                            @dotnet/aspnet-api-review @tratcher
-/src/Http/                                                                        @tratcher @BrennanConroy @halter73 @captainsafia
-/src/Http/**/PublicAPI.*Shipped.txt                                               @dotnet/aspnet-api-review @tratcher @BrennanConroy
+/src/Hosting/                                                                     @halter73
+/src/Hosting/**/PublicAPI.*Shipped.txt                                            @dotnet/aspnet-api-review
+/src/Http/                                                                        @BrennanConroy @halter73 @captainsafia
+/src/Http/**/PublicAPI.*Shipped.txt                                               @dotnet/aspnet-api-review @BrennanConroy
 /src/Http/Routing/                                                                @javiercn
 /src/Http/Routing/**/PublicAPI.*Shipped.txt                                       @dotnet/aspnet-api-review @javiercn
 /src/HttpClientFactory/                                                           @captainsafia @halter73
 /src/HttpClientFactory/**/PublicAPI.*Shipped.txt                                  @dotnet/aspnet-api-review @captainsafia @halter73
 /src/Installers/                                                                  @dotnet/aspnet-build @wtgodbe
 /src/JSInterop/                                                                   @dotnet/aspnet-blazor-eng
-/src/Middleware/                                                                  @tratcher @BrennanConroy
-/src/Middleware/**/PublicAPI.*Shipped.txt                                         @dotnet/aspnet-api-review @tratcher @BrennanConroy
+/src/Middleware/                                                                  @BrennanConroy
+/src/Middleware/**/PublicAPI.*Shipped.txt                                         @dotnet/aspnet-api-review @BrennanConroy
 /src/Mvc/                                                                         @dotnet/minimal-apis
 /src/Mvc/Mvc.ApiExplorer                                                          @captainsafia @halter73 @brunolins16
 /src/Mvc/**/PublicAPI.*Shipped.txt                                                @dotnet/aspnet-api-review @dotnet/aspnet-blazor-eng
 /src/OpenApi                                                                      @captainsafia @dotnet/minimal-apis
 /src/ProjectTemplates/Web.ProjectTemplates/content/BlazorServerWeb-CSharp/        @dotnet/aspnet-blazor-eng
 /src/ProjectTemplates/Web.ProjectTemplates/content/ComponentsWebAssembly-CSharp/  @dotnet/aspnet-blazor-eng
-/src/Security/                                                                    @tratcher
-/src/Security/**/PublicAPI.*Shipped.txt                                           @dotnet/aspnet-api-review @tratcher
-/src/Servers/                                                                     @tratcher @halter73 @BrennanConroy @JamesNK @mgravell
-/src/Servers/**/PublicAPI.*Shipped.txt                                            @dotnet/aspnet-api-review @tratcher @halter73 @BrennanConroy @JamesNK @mgravell
-/src/Shared/runtime/                                                              @tratcher
-/src/Shared/test/Shared.Tests/runtime/                                            @tratcher
+/src/Security/**/PublicAPI.*Shipped.txt                                           @dotnet/aspnet-api-review
+/src/Servers/                                                                     @halter73 @BrennanConroy @JamesNK @mgravell
+/src/Servers/**/PublicAPI.*Shipped.txt                                            @dotnet/aspnet-api-review @halter73 @BrennanConroy @JamesNK @mgravell
 /src/SignalR/                                                                     @BrennanConroy @halter73
 /src/SignalR/**/PublicAPI.*Shipped.txt                                            @dotnet/aspnet-api-review @BrennanConroy @halter73
 /src/submodules                                                                   @dotnet/aspnet-build @wtgodbe
@@ -1,6 +1,7 @@
 <Project>
   <PropertyGroup>
     <PublishingVersion>3</PublishingVersion>
+    <ProducesDotNetReleaseShippingAssets>true</ProducesDotNetReleaseShippingAssets>
   </PropertyGroup>
 
   <PropertyGroup>
 
@@ -9,6 +9,7 @@
 using Microsoft.AspNetCore.Components.Endpoints.Rendering;
 using Microsoft.AspNetCore.Diagnostics;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
@@ -116,6 +117,16 @@ await EndpointHtmlRenderer.InitializeStandardComponentServicesAsync(
             }
         }
 
+        if (!quiesceTask.IsCompleted)
+        {
+            // An incomplete QuiescenceTask indicates there may be streaming rendering updates.
+            // Disable all response buffering and compression on IIS like SignalR's ServerSentEventsServerTransport does.
+            var bufferingFeature = context.Features.GetRequiredFeature<IHttpResponseBodyFeature>();
+            bufferingFeature.DisableBuffering();
+
+            context.Response.Headers.ContentEncoding = "identity";
+        }
+
         // Importantly, we must not yield this thread (which holds exclusive access to the renderer sync context)
         // in between the first call to htmlContent.WriteTo and the point where we start listening for subsequent
         // streaming SSR batches (inside SendStreamingUpdatesAsync). Otherwise some other code might dispatch to the
 
@@ -3,13 +3,13 @@
 
 using System.Globalization;
 using System.Net.Http;
-using System.Net.Http.Headers;
 using System.Text;
 using System.Text.RegularExpressions;
 using Components.TestServer.RazorComponents;
 using Microsoft.AspNetCore.Components.E2ETest.Infrastructure;
 using Microsoft.AspNetCore.Components.E2ETest.Infrastructure.ServerFixtures;
 using Microsoft.AspNetCore.E2ETesting;
+using Microsoft.Net.Http.Headers;
 using OpenQA.Selenium;
 using TestServer;
 using Xunit.Abstractions;
@@ -30,13 +30,29 @@ public override Task InitializeAsync()
         => InitializeAsync(BrowserFixture.StreamingContext);
 
     [Fact]
-    public void CanRenderNonstreamingPageWithoutInjectingStreamingMarkers()
+    public async Task CanRenderNonstreamingPageWithoutInjectingStreamingMarkersOrHeaders()
     {
         Navigate(ServerPathBase);
 
         Browser.Equal("Hello", () => Browser.Exists(By.TagName("h1")).Text);
 
         Assert.DoesNotContain("<blazor-ssr", Browser.PageSource);
+
+        using var httpClient = new HttpClient();
+        using var response = await httpClient.GetAsync(new Uri(_serverFixture.RootUri, ServerPathBase));
+        response.EnsureSuccessStatusCode();
+
+        Assert.False(response.Content.Headers.Contains(HeaderNames.ContentEncoding));
+    }
+
+    [Fact]
+    public async Task DoesRenderStreamingPageWithStreamingHeadersToDisableBuffering()
+    {
+        using var httpClient = new HttpClient();
+        using var response = await httpClient.GetAsync(new Uri(_serverFixture.RootUri, $"{ServerPathBase}/streaming"), HttpCompletionOption.ResponseHeadersRead);
+        response.EnsureSuccessStatusCode();
+
+        Assert.Equal("identity", response.Content.Headers.ContentEncoding.Single());
     }
 
     [Theory]
 
@@ -67,6 +67,8 @@ private static void AddDataProtectionServices(IServiceCollection services)
 
         services.TryAddEnumerable(
             ServiceDescriptor.Singleton<IConfigureOptions<KeyManagementOptions>, KeyManagementOptionsSetup>());
+        services.TryAddEnumerable(
+            ServiceDescriptor.Singleton<IPostConfigureOptions<KeyManagementOptions>, KeyManagementOptionsPostSetup>());
         services.TryAddEnumerable(
             ServiceDescriptor.Transient<IConfigureOptions<DataProtectionOptions>, DataProtectionOptionsSetup>());
 
 
@@ -0,0 +1,117 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.IO;
+using System.Xml.Linq;
+using Microsoft.AspNetCore.DataProtection.KeyManagement;
+using Microsoft.AspNetCore.DataProtection.Repositories;
+using Microsoft.AspNetCore.DataProtection.XmlEncryption;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.DataProtection.Internal;
+
+/// <summary>
+/// Performs additional <see cref="KeyManagementOptions" /> configuration, after the user's configuration has been applied.
+/// </summary>
+/// <remarks>
+/// In practice, this type is used to set key management to readonly mode if an environment variable is set and the user
+/// has not explicitly configured data protection.
+/// </remarks>
+internal sealed class KeyManagementOptionsPostSetup : IPostConfigureOptions<KeyManagementOptions>
+{
+    /// <remarks>
+    /// Settable as `ReadOnlyDataProtectionKeyDirectory`, `DOTNET_ReadOnlyDataProtectionKeyDirectory`,
+    /// or `ASPNETCORE_ReadOnlyDataProtectionKeyDirectory`, in descending order of precedence.
+    /// </remarks>
+    internal const string ReadOnlyDataProtectionKeyDirectoryKey = "ReadOnlyDataProtectionKeyDirectory";
+
+    private readonly string? _keyDirectoryPath;
+    private readonly ILoggerFactory? _loggerFactory; // Null iff _keyDirectoryPath is null
+    private readonly ILogger<KeyManagementOptionsPostSetup>? _logger; // Null iff _keyDirectoryPath is null
+
+    public KeyManagementOptionsPostSetup()
+    {
+        // If there's no IConfiguration, there's no _keyDirectoryPath and this type will do nothing.
+        // This is mostly a convenience for tests since ASP.NET Core apps will have an IConfiguration.
+    }
+
+    public KeyManagementOptionsPostSetup(IConfiguration configuration, ILoggerFactory loggerFactory)
+    {
+        var dirPath = configuration[ReadOnlyDataProtectionKeyDirectoryKey];
+        if (string.IsNullOrEmpty(dirPath))
+        {
+            return;
+        }
+
+        _keyDirectoryPath = dirPath;
+        _loggerFactory = loggerFactory;
+        _logger = loggerFactory.CreateLogger<KeyManagementOptionsPostSetup>();
+    }
+
+    void IPostConfigureOptions<KeyManagementOptions>.PostConfigure(string? name, KeyManagementOptions options)
+    {
+        if (_keyDirectoryPath is null)
+        {
+            // There's no logger, so we couldn't log if we wanted to
+            return;
+        }
+
+        var logger = _logger!;
+
+        if (name != Options.DefaultName)
+        {
+            logger.IgnoringReadOnlyConfigurationForNonDefaultOptions(ReadOnlyDataProtectionKeyDirectoryKey, name);
+            return;
+        }
+
+        // If Data Protection has not been configured, then set it up according to the environment variable
+        if (options is { XmlRepository: null, XmlEncryptor: null })
+        {
+            var keyDirectory = new DirectoryInfo(_keyDirectoryPath);
+
+            logger.UsingReadOnlyKeyConfiguration(keyDirectory.FullName);
+
+            options.AutoGenerateKeys = false;
+            options.XmlEncryptor = InvalidEncryptor.Instance;
+            options.XmlRepository = new ReadOnlyFileSystemXmlRepository(keyDirectory, _loggerFactory!);
+        }
+        else if (options.XmlRepository is not null)
+        {
+            logger.NotUsingReadOnlyKeyConfigurationBecauseOfRepository();
+        }
+        else
+        {
+            logger.NotUsingReadOnlyKeyConfigurationBecauseOfEncryptor();
+        }
+    }
+
+    private sealed class InvalidEncryptor : IXmlEncryptor
+    {
+        public static readonly IXmlEncryptor Instance = new InvalidEncryptor();
+
+        private InvalidEncryptor()
+        {
+        }
+
+        EncryptedXmlInfo IXmlEncryptor.Encrypt(XElement plaintextElement)
+        {
+            throw new InvalidOperationException("Keys access is set up as read-only, so nothing should be encrypting");
+        }
+    }
+
+    private sealed class ReadOnlyFileSystemXmlRepository : FileSystemXmlRepository
+    {
+        public ReadOnlyFileSystemXmlRepository(DirectoryInfo directory, ILoggerFactory loggerFactory)
+            : base(directory, loggerFactory)
+        {
+        }
+
+        public override void StoreElement(XElement element, string friendlyName)
+        {
+            throw new InvalidOperationException("Keys access is set up as read-only, so nothing should be storing keys");
+        }
+    }
+}
@@ -237,4 +237,16 @@ private static bool IsLogLevelEnabledCore([NotNullWhen(true)] ILogger? logger, L
 
     [LoggerMessage(60, LogLevel.Warning, "Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to https://aka.ms/aspnet/dataprotectionwarning", EventName = "UsingEphemeralFileSystemLocationInContainer")]
     public static partial void UsingEphemeralFileSystemLocationInContainer(this ILogger logger, string path);
+
+    [LoggerMessage(61, LogLevel.Trace, "Ignoring configuration '{PropertyName}' for options instance '{OptionsName}'", EventName = "IgnoringReadOnlyConfigurationForNonDefaultOptions")]
+    public static partial void IgnoringReadOnlyConfigurationForNonDefaultOptions(this ILogger logger, string propertyName, string? optionsName);
+
+    [LoggerMessage(62, LogLevel.Information, "Enabling read-only key access with repository directory '{Path}'", EventName = "UsingReadOnlyKeyConfiguration")]
+    public static partial void UsingReadOnlyKeyConfiguration(this ILogger logger, string path);
+
+    [LoggerMessage(63, LogLevel.Debug, "Not enabling read-only key access because an XML repository has been specified", EventName = "NotUsingReadOnlyKeyConfigurationBecauseOfRepository")]
+    public static partial void NotUsingReadOnlyKeyConfigurationBecauseOfRepository(this ILogger logger);
+
+    [LoggerMessage(64, LogLevel.Debug, "Not enabling read-only key access because an XML encryptor has been specified", EventName = "NotUsingReadOnlyKeyConfigurationBecauseOfEncryptor")]
+    public static partial void NotUsingReadOnlyKeyConfigurationBecauseOfEncryptor(this ILogger logger);
 }