[Internal review URL](https://review.docs.microsoft.com/en-us/aspnet/core/signalr/security?view=aspnetcore-2.1&branch=pr-en-us-9088)
- Kill long sentences. Long sentences are difficult for native speakers and impossible for MT (machine translation)
- Format code to prevent horizontal scroll bar on tablets 85 characters wide. You can simulate tablets by viewing in a browser of the maximum width that doesn't have left or right panes (TOC's).
- Prune dead wood. Avoid unnecessary words that don't add meaning to the text.
- Avoid "you" except when it make the statement more clear.
- For example, the following CORS policy allows a SignalR browser client hosted on `http://example.com` to access **your** SignalR app:
-For example, the following CORS policy allows a SignalR browser client hosted on `http://example.com` to access the SignalR app hosted on `http://signalr.example.com`:
- Avoid Wikipedia links
- Code snippets
Explicit sign-off required on my security rewording below:
- [ ] Allow cross-origin requests only from domains you trust or control.
The following are slightly too long but I couldn't find an elegant way to shorten them (not that my other trimming was elegant):
- Applications should be configured to validate these headers to ensure that only WebSockets coming from the expected origins are allowed.
Fixes#9114
We're going to keep the cookie sharing auth samples over here on the docs repo and **not** move them to the AuthSamples repo. We don't need to keep the previous Identity Core sample (and it's not linked to anything).
A link to the FK section is actually provided, but it is easy to gloss over. Moving the section up in the document prevents users reading it too late to do anything about it, as said in the issue.
Fixes#7728
`AuthenticateUser()` now uses the passed in email parameter, instead of the Input class property.
When checking the user entered email address, the `AuthenticateUser()` method was using the bound property `Input`, which is incorrect, the method must use the `email` parameter that is passed into the method.
PS: This is my first pull request, so is the above enough information?
* Add information on connection token vs other types
To disambiguate connection token vs session / auth tokens.
* Address feedback on heading
Sentence case; H4; remove "note" text.
* remove extra the; update title case.
* Incorporate feedback comments
* Incorporate feedback on last paragraph
* additional clarification
* Update heading per feedback
phrasing, capitalization, and line break under heading
* Incorporate wording feedback
* Addressing feedback: contractions
Part of #8581 to lower SEO of
how to write a ASP.NET web app
how to write a ASP.NET web application
how to program a ASP.NET web app
how to program a ASP.NET web application
Fixes#9071
I will not lie: this was not enjoyable. With the realization that this page might be shuffled around to a new spot in the TOC, it was a delicate act balancing Razor pages and traditional MVC without getting too intrusive about it.
As such, I:
* Included a note at the top of the document outlining the subtle differences, so I can just casually reference them later and don't have to explain which is which
* Replaced wording of "views" with "pages or views"
* Changed controller wording to "the folder where the handler method (or controller) exists."
I also updated the *_Layout.cshtml* sample file. It's a little different, two years later.
I expect some back-and-forth about this—let me know what you think, @Rick-Anderson.
Fixes#8030
Luke Latham
Ahmed Yahia
Rasto
Mikael Mengistu
Michael Randers-Pehrson
Rick Anderson
Pranav K
BrennanConroy
Dave Brock
Tom Dykstra
Scott Addie
Codefridge
Sean Killeen
Scott Addie
Genevieve Warren
Andrew Stanton-Nurse
VaultHunter101
Antoine Griffard