Commit Graph

7 Commits (Rick-Anderson-patch-11)

Author SHA1 Message Date
Wade Pickett 11428ec020
SignalR Security: Updating code sample v6-8 (#30517)
* SignalR Security: Updating code samples v6-8

* Removed .min ref for jquery
2023-09-29 14:00:33 -07:00
Wade Pickett 9836c129ea
Version by include prep for SignalR Security (#30513)
* Version by include prep for SignalR Security
2023-09-27 22:08:13 -07:00
Michal Mrnuštík 383b0f5c3e
Replace status code with status code enum (#22116)
* Replace all hardcoded status codes with System.Net.HttpStatusCode

* Replace all StatusCodes references to HttpStatusCode

Co-authored-by: Michal Mrnuštík <michal.mrnustik@riganti.cz>
2021-04-23 10:14:47 -10:00
Luke Latham 63d40f5602
SignalR naming consistency (#18759)
2020-06-12 15:55:07 -05:00
Tom Dykstra eb67d3a497
http --> https in sample URLs in SignalR security.md (#9500)
2018-11-07 09:27:17 -08:00
Andrew Stanton-Nurse eb84aae5e4
Fix status code for WebSocket origin validation (#9250)
2018-10-26 11:47:35 -05:00
Rick Anderson 36e2502ce8
UE edit of Security considerations in ASP.NET Core SignalR (#9088)
[Internal review URL](https://review.docs.microsoft.com/en-us/aspnet/core/signalr/security?view=aspnetcore-2.1&branch=pr-en-us-9088)

- Kill long sentences. Long sentences are difficult for native speakers and impossible for MT (machine translation)
- Format code to prevent horizontal scroll bar on tablets 85 characters wide. You can simulate tablets by viewing in a browser of the maximum width that doesn't have left or right panes (TOCs).
- Prune dead wood. Avoid unnecessary words that don't add meaning to the text.
- Avoid "you" except when it makes the statement more clear.

  - For example, the following CORS policy allows a SignalR browser client hosted on `http://example.com` to access **your** SignalR app:
  - For example, the following CORS policy allows a SignalR browser client hosted on `http://example.com` to access the SignalR app hosted on `http://signalr.example.com`:
- Avoid Wikipedia links
- Code snippets

Explicit sign-off required on my security rewording below:
- [ ]  Allow cross-origin requests only from domains you trust or control. 

The following are slightly too long but I couldn't find an elegant way to shorten them (not that my other trimming was elegant):

- Applications should be configured to validate these headers to ensure that only WebSockets coming from the expected origins are allowed.
2018-10-19 09:10:45 -10:00