From fe96a68037ef354189d2ff77522449372f76531c Mon Sep 17 00:00:00 2001 From: Luke Latham <1622880+guardrex@users.noreply.github.com> Date: Mon, 6 Jul 2020 13:31:46 -0500 Subject: [PATCH] Language update (#19115) --- aspnetcore/data/ef-mvc/crud.md | 2 +- aspnetcore/data/ef-mvc/update-related-data.md | 4 ++-- aspnetcore/data/ef-rp/update-related-data.md | 2 +- aspnetcore/fundamentals/servers/kestrel.md | 2 +- aspnetcore/includes/mvc-intro/new-field.md | 2 +- aspnetcore/security/cors.md | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/aspnetcore/data/ef-mvc/crud.md b/aspnetcore/data/ef-mvc/crud.md index d84dc71e86..312cfd50a8 100644 --- a/aspnetcore/data/ef-mvc/crud.md +++ b/aspnetcore/data/ef-mvc/crud.md @@ -175,7 +175,7 @@ These changes implement a security best practice to prevent overposting. The sca The new code reads the existing entity and calls `TryUpdateModel` to update fields in the retrieved entity [based on user input in the posted form data](xref:mvc/models/model-binding). The Entity Framework's automatic change tracking sets the `Modified` flag on the fields that are changed by form input. When the `SaveChanges` method is called, the Entity Framework creates SQL statements to update the database row. Concurrency conflicts are ignored, and only the table columns that were updated by the user are updated in the database. (A later tutorial shows how to handle concurrency conflicts.) -As a best practice to prevent overposting, the fields that you want to be updateable by the **Edit** page are whitelisted in the `TryUpdateModel` parameters. (The empty string preceding the list of fields in the parameter list is for a prefix to use with the form fields names.) Currently there are no extra fields that you're protecting, but listing the fields that you want the model binder to bind ensures that if you add fields to the data model in the future, they're automatically protected until you explicitly add them here. +As a best practice to prevent overposting, the fields that you want to be updateable by the **Edit** page are declared in the `TryUpdateModel` parameters. (The empty string preceding the list of fields in the parameter list is for a prefix to use with the form fields names.) Currently there are no extra fields that you're protecting, but listing the fields that you want the model binder to bind ensures that if you add fields to the data model in the future, they're automatically protected until you explicitly add them here. As a result of these changes, the method signature of the HttpPost `Edit` method is the same as the HttpGet `Edit` method; therefore you've renamed the method `EditPost`. diff --git a/aspnetcore/data/ef-mvc/update-related-data.md b/aspnetcore/data/ef-mvc/update-related-data.md index 8bb3c95f2b..0f3a16d8af 100644 --- a/aspnetcore/data/ef-mvc/update-related-data.md +++ b/aspnetcore/data/ef-mvc/update-related-data.md @@ -131,7 +131,7 @@ The code does the following: * Gets the current Instructor entity from the database using eager loading for the `OfficeAssignment` navigation property. This is the same as what you did in the HttpGet `Edit` method. -* Updates the retrieved Instructor entity with values from the model binder. The `TryUpdateModel` overload enables you to whitelist the properties you want to include. This prevents over-posting, as explained in the [second tutorial](crud.md). +* Updates the retrieved Instructor entity with values from the model binder. The `TryUpdateModel` overload enables you to declare the properties you want to include. This prevents over-posting, as explained in the [second tutorial](crud.md). @@ -199,7 +199,7 @@ Next, add the code that's executed when the user clicks **Save**. Replace the `E The method signature is now different from the HttpGet `Edit` method, so the method name changes from `EditPost` back to `Edit`. -Since the view doesn't have a collection of Course entities, the model binder can't automatically update the `CourseAssignments` navigation property. Instead of using the model binder to update the `CourseAssignments` navigation property, you do that in the new `UpdateInstructorCourses` method. Therefore you need to exclude the `CourseAssignments` property from model binding. This doesn't require any change to the code that calls `TryUpdateModel` because you're using the whitelisting overload and `CourseAssignments` isn't in the include list. +Since the view doesn't have a collection of Course entities, the model binder can't automatically update the `CourseAssignments` navigation property. Instead of using the model binder to update the `CourseAssignments` navigation property, you do that in the new `UpdateInstructorCourses` method. Therefore, you need to exclude the `CourseAssignments` property from model binding. This doesn't require any change to the code that calls `TryUpdateModel` because you're using the overload that requires explicit approval and `CourseAssignments` isn't in the include list. If no check boxes were selected, the code in `UpdateInstructorCourses` initializes the `CourseAssignments` navigation property with an empty collection and returns: diff --git a/aspnetcore/data/ef-rp/update-related-data.md b/aspnetcore/data/ef-rp/update-related-data.md index aced7628cf..149832239b 100644 --- a/aspnetcore/data/ef-rp/update-related-data.md +++ b/aspnetcore/data/ef-rp/update-related-data.md @@ -146,7 +146,7 @@ Create the *Pages/Instructors/InstructorCoursesPageModel.cs* base class: The `InstructorCoursesPageModel` is the base class you will use for the Edit and Create page models. `PopulateAssignedCourseData` reads all `Course` entities to populate `AssignedCourseDataList`. For each course, the code sets the `CourseID`, title, and whether or not the instructor is assigned to the course. A [HashSet](/dotnet/api/system.collections.generic.hashset-1) is used for efficient lookups. -Since the Razor page doesn't have a collection of Course entities, the model binder can't automatically update the `CourseAssignments` navigation property. Instead of using the model binder to update the `CourseAssignments` navigation property, you do that in the new `UpdateInstructorCourses` method. Therefore you need to exclude the `CourseAssignments` property from model binding. This doesn't require any change to the code that calls `TryUpdateModel` because you're using the whitelisting overload and `CourseAssignments` isn't in the include list. +Since the Razor page doesn't have a collection of Course entities, the model binder can't automatically update the `CourseAssignments` navigation property. Instead of using the model binder to update the `CourseAssignments` navigation property, you do that in the new `UpdateInstructorCourses` method. Therefore you need to exclude the `CourseAssignments` property from model binding. This doesn't require any change to the code that calls `TryUpdateModel` because you're using the overload with declared properties and `CourseAssignments` isn't in the include list. If no check boxes were selected, the code in `UpdateInstructorCourses` initializes the `CourseAssignments` navigation property with an empty collection and returns: diff --git a/aspnetcore/fundamentals/servers/kestrel.md b/aspnetcore/fundamentals/servers/kestrel.md index a0b113b91d..dd96cf744e 100644 --- a/aspnetcore/fundamentals/servers/kestrel.md +++ b/aspnetcore/fundamentals/servers/kestrel.md @@ -1713,7 +1713,7 @@ TLS restrictions for HTTP/2: * Minimum ephemeral key exchange sizes: * Elliptic curve Diffie-Hellman (ECDHE) [[RFC4492](https://www.ietf.org/rfc/rfc4492.txt)]: 224 bits minimum * Finite field Diffie-Hellman (DHE) [`TLS12`]: 2048 bits minimum -* Cipher suite not blacklisted +* Cipher suite not blocked `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` [`TLS-ECDHE`] with the P-256 elliptic curve [`FIPS186`] is supported by default. diff --git a/aspnetcore/includes/mvc-intro/new-field.md b/aspnetcore/includes/mvc-intro/new-field.md index aa9aa350f6..a3f714981f 100644 --- a/aspnetcore/includes/mvc-intro/new-field.md +++ b/aspnetcore/includes/mvc-intro/new-field.md @@ -24,7 +24,7 @@ Open the *Models/Movie.cs* file and add a `Rating` property: ::: moniker-end -Because you've added a new field to the `Movie` class, you also need to update the binding whitelist so this new property will be included. In *MoviesController.cs*, update the `[Bind]` attribute for both the `Create` and `Edit` action methods to include the `Rating` property: +Because you've added a new field to the `Movie` class, you also need to update the binding's included properties so this new property is included. In *MoviesController.cs*, update the `[Bind]` attribute for both the `Create` and `Edit` action methods to include the `Rating` property: ```csharp [Bind("ID,Title,ReleaseDate,Genre,Price,Rating")] diff --git a/aspnetcore/security/cors.md b/aspnetcore/security/cors.md index b6762861aa..e6d5200900 100644 --- a/aspnetcore/security/cors.md +++ b/aspnetcore/security/cors.md @@ -783,7 +783,7 @@ For instance, consider an app configured as follows: app.UseCors(policy => policy.WithHeaders(HeaderNames.CacheControl)); ``` -CORS Middleware responds successfully to a preflight request with the following request header because `Content-Language` is always whitelisted: +CORS Middleware responds successfully to a preflight request with the following request header because `Content-Language` is always permitted: ``` Access-Control-Request-Headers: Cache-Control, Content-Language