-
Notifications
You must be signed in to change notification settings - Fork 10k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revisit hot reload browser refresh script injection #45213
Comments
Thanks for contacting us. We're moving this issue to the |
We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process. |
Thanks for contacting us. We're moving this issue to the |
One thought I'm leaving here so we don't forget. We should make these scripts ES6 modules and rely on |
After experiencing numerous difficulties with disabling VS's (and ASP.NET Core's) script injection feature, I'd like to request that all injected HTML should include a HTML comment with instructions on how to disable HTML injection. So instead of this (which is what we have right now):
...it should be something like this:
...because right now the Hot Reload script will be injected if any of 4 entirely different VS or Project options are configured a certain way, and there's no obvious way to disable it. I would also like to have a single "Disable all code-injections" option so I won't have code unexpectedly injected for something-else-other-than-Hot-Reload in future. |
Our hot reload mechanism relies on the
aspnetcore-browser-refresh.js
script being injected into the webpage so the browser can automatically refresh with hot reload changes.We currently do this with a special middleware that searches for the last closing
</body>
tag in HTML responses and injects a<script src="/_framework/aspnetcore-browser-refresh.js"></script>
element just before it. However, this mechanism is very fragile because it fails when the response can't be easily parsed (e.g., response compression is enabled, the closing</body>
tag is split between response stream writes, etc.).We should consider an approach where we somehow reference the browser refresh script directly rather than using this script injection middleware.
Additional considerations
Make sure we also address the following issues:
_framework/aspnetcore-browser-refresh.js
due to CSP #33068The text was updated successfully, but these errors were encountered: