From 26a74b47db88155e14f0bb5eba242b440f761188 Mon Sep 17 00:00:00 2001 From: Stephen Daudell Date: Mon, 5 Jun 2017 15:28:02 -0500 Subject: [PATCH 1/2] Fix typo in routing.md (#3465) Change "asterix" to "asterisk" --- aspnetcore/fundamentals/routing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/fundamentals/routing.md b/aspnetcore/fundamentals/routing.md index 6c5bf43e53..0166aa07f1 100644 --- a/aspnetcore/fundamentals/routing.md +++ b/aspnetcore/fundamentals/routing.md @@ -138,7 +138,7 @@ routes.MapRoute( defaults: new { controller = "Blog", action = "ReadArticle" }); ``` -This template will match a URL path like `/Blog/All-About-Routing/Introduction` and will extract the values `{ controller = Blog, action = ReadArticle, article = All-About-Routing/Introduction }`. The default route values for `controller` and `action` are produced by the route even though there are no corresponding route parameters in the template. Default values can be specified in the route template. The `article` route parameter is defined as a *catch-all* by the appearance of an asterix `*` before the route parameter name. Catch-all route parameters capture the remainder of the URL path, and can also match the empty string. +This template will match a URL path like `/Blog/All-About-Routing/Introduction` and will extract the values `{ controller = Blog, action = ReadArticle, article = All-About-Routing/Introduction }`. The default route values for `controller` and `action` are produced by the route even though there are no corresponding route parameters in the template. Default values can be specified in the route template. The `article` route parameter is defined as a *catch-all* by the appearance of an asterisk `*` before the route parameter name. Catch-all route parameters capture the remainder of the URL path, and can also match the empty string. This example adds route constraints and data tokens: From 8a4b8db394c54da0d3b69e80edc9c2f71e00b9b3 Mon Sep 17 00:00:00 2001 From: Botond Bertalan Date: Tue, 6 Jun 2017 17:13:03 +0100 Subject: [PATCH 2/2] Typo fixed (#3466) sentitive changed to sensitive --- .../security/enabling-cross-origin-requests-in-web-api.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api.md b/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api.md index b9a140f8bd..bcd5ea4700 100644 --- a/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api.md +++ b/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api.md @@ -17,7 +17,7 @@ Enabling Cross-Origin Requests in ASP.NET Web API 2 ==================== by [Mike Wasson](https://github.com/MikeWasson) -> Browser security prevents a web page from making AJAX requests to another domain. This restriction is called the *same-origin policy*, and prevents a malicious site from reading sentitive data from another site. However, sometimes you might want to let other sites call your web API. +> Browser security prevents a web page from making AJAX requests to another domain. This restriction is called the *same-origin policy*, and prevents a malicious site from reading sensitive data from another site. However, sometimes you might want to let other sites call your web API. > > [Cross Origin Resource Sharing](http://www.w3.org/TR/cors/) (CORS) is a W3C standard that allows a server to relax the same-origin policy. Using CORS, a server can explicitly allow some cross-origin requests while rejecting others. CORS is safer and more flexible than earlier techniques such as [JSONP](http://en.wikipedia.org/wiki/JSONP). This tutorial shows how to enable CORS in your Web API application. > @@ -297,4 +297,4 @@ To set the **ICorsPolicyProviderFactory**, call the **SetCorsPolicyProviderFacto The Web API CORS package is a server-side technology. The user's browser also needs to support CORS. Fortunately, the current versions of all major browsers include [support for CORS](http://caniuse.com/cors). -Internet Explorer 8 and Internet Explorer 9 have partial support for CORS, using the legacy XDomainRequest object instead of XMLHttpRequest. For more information, see [XDomainRequest - Restrictions, Limitations and Workarounds](https://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx). \ No newline at end of file +Internet Explorer 8 and Internet Explorer 9 have partial support for CORS, using the legacy XDomainRequest object instead of XMLHttpRequest. For more information, see [XDomainRequest - Restrictions, Limitations and Workarounds](https://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx).