[release/10.0.3xx] Enable hot reloading for Blazor inside an iframe #53297
Open
github-actions[bot] wants to merge 1 commit into release/10.0.3xx from
Co-authored-by: javiercn <6995051+javiercn@users.noreply.github.com>
lewing approved these changes Mar 6, 2026
Backport of #51006 to release/10.0.3xx
Customer Issue
Hot Reload on Blazor apps doesn't work inside iframes because BrowserRefreshMiddleware.IsBrowserDocumentRequest() only accepts requests with Sec-Fetch-Dest: document. Requests from iframes use Sec-Fetch-Dest: frame or Sec-Fetch-Dest: iframe, causing the middleware to reject them and skip script injection.

This prevents hot reload from working in scenarios like Blazing Story (Storybook clone for Blazor) and any other tooling that embeds Blazor apps within iframe contexts.
Fixes #51005
Description
Updates IsBrowserDocumentRequest to also accept "frame" and "iframe" values for the Sec-Fetch-Dest header, in addition to the existing "document" value. This allows the browser refresh middleware to inject hot reload scripts into iframe-embedded Blazor applications.
Was this a regression?
Testing
Updated existing tests to validate that frame/iframe requests now return true from IsBrowserDocumentRequest while other non-document values like "serviceworker" still return false. All tests in the BrowserRefresh test suite pass.
Risk
Low. The change adds two additional string comparisons to the existing Sec-Fetch-Dest validation logic without affecting any other functionality.
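
The Sec-Fetch-Dest gate described in this PR, as an added example that is not the SDK's BrowserRefreshMiddleware code: a stand-alone allow-list check run over constructed header values. FetchDestCheck and IsDocumentDestination are hypothetical names, and accepting a request that carries no Sec-Fetch-Dest header is an assumption the PR text does not cover.

```csharp
using System;
using System.Collections.Generic;

static class FetchDestCheck
{
    // Destinations that load an HTML document: a top-level page, <frame>, <iframe>.
    static readonly HashSet<string> DocumentDestinations =
        new(StringComparer.OrdinalIgnoreCase) { "document", "frame", "iframe" };

    // Hypothetical helper (not the SDK's IsBrowserDocumentRequest).
    public static bool IsDocumentDestination(IReadOnlyDictionary<string, string> headers)
    {
        // Assumption: a request without the header is not rejected by this check.
        if (!headers.TryGetValue("Sec-Fetch-Dest", out var dest) || string.IsNullOrWhiteSpace(dest))
        {
            return true;
        }

        // Anything outside the allow-list (serviceworker, script, ...) gets no injected script.
        return DocumentDestinations.Contains(dest.Trim());
    }
}

static class Program
{
    // Builds a constructed header set; header names compare case-insensitively.
    static Dictionary<string, string> Request(string dest)
    {
        var headers = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        if (dest.Length > 0) headers["Sec-Fetch-Dest"] = dest;
        return headers;
    }

    static void Main()
    {
        // Constructed sample values, not captured traffic; "" stands for an absent header.
        foreach (var dest in new[] { "document", "iframe", "frame", "serviceworker", "script", "" })
        {
            var inject = FetchDestCheck.IsDocumentDestination(Request(dest));
            var shown = dest.Length > 0 ? dest : "(absent)";
            Console.WriteLine($"Sec-Fetch-Dest: {shown} -> inject script: {inject}");
        }
    }
}
```

Keeping the check as an explicit allow-list means new destination values stay excluded from script injection until they are added deliberately.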