From a6de0006a305ebc5f4785cbc44c33937fc12d320 Mon Sep 17 00:00:00 2001
From: guardrex <1622880+guardrex@users.noreply.github.com>
Date: Mon, 20 Nov 2023 08:52:37 -0500
Subject: [PATCH] Add HTTP caching issues article
---
aspnetcore/blazor/caching-issues.md | 73 +++++++++++++++++++
aspnetcore/blazor/components/integration.md | 2 +-
.../blazor/components/js-spa-frameworks.md | 4 +-
aspnetcore/blazor/components/quickgrid.md | 2 +-
aspnetcore/blazor/components/sections.md | 4 +-
aspnetcore/blazor/fundamentals/index.md | 2 +-
.../blazor/globalization-localization.md | 4 +-
aspnetcore/blazor/project-structure.md | 12 +--
.../blazor/security/includes/troubleshoot.md | 4 +-
.../server/static-server-side-rendering.md | 2 +-
.../blazor/security/webassembly/graph-api.md | 20 ++---
.../hosted-with-identity-server.md | 2 +-
.../microsoft-entra-id-groups-and-roles.md | 2 +-
aspnetcore/migration/70-80.md | 7 ++
aspnetcore/toc.yml | 2 +
15 files changed, 112 insertions(+), 30 deletions(-)
create mode 100644 aspnetcore/blazor/caching-issues.md
diff --git a/aspnetcore/blazor/caching-issues.md b/aspnetcore/blazor/caching-issues.md
new file mode 100644
index 000000000000..bb783eb26d39
--- /dev/null
+++ b/aspnetcore/blazor/caching-issues.md
@@ -0,0 +1,73 @@
+---
+title: Avoid HTTP caching issues when upgrading ASP.NET Core Blazor apps
+author: guardrex
+description: Learn how to avoid HTTP caching issues when upgrading Blazor apps.
+monikerRange: '>= aspnetcore-3.1'
+ms.author: riande
+ms.custom: mvc
+ms.date: 11/20/2023
+uid: blazor/http-caching-issues
+---
+# Avoid HTTP caching issues when upgrading ASP.NET Core Blazor apps
+
+[!INCLUDE[](~/includes/not-latest-version.md)]
+
+When Blazor apps are incorrectly upgraded or configured, it can result in non-seamless upgrades for existing users. This article discusses some of the common HTTP caching issues that can occur when upgrading Blazor apps across major versions. It also provides some recommended actions to ensure a smooth transition for your users.
+
+While future Blazor releases might provide better solutions for dealing with HTTP caching issues, it's ultimately up to the app to correctly configure caching. Proper caching configuration ensures that the app's users always have the most up-to-date version of the app, improving their experience and reducing the likelihood of encountering errors.
+
+Common problems that negatively impact the user upgrade experience include:
+
+* **Incorrect handling of project and package updates**: This happens if you don't update all of the app's deployed projects to use the same major framework version or if you use packages from a previous version when a newer version is available as part of the major upgrade.
+* **Incorrect configuration of caching headers**: HTTP caching headers control how, where, and for how long the app's responses are cached. If headers aren't configured correctly, users might receive stale content.
+* **Incorrect configuration of other layers**: Content Delivery Networks (CDNs) and other layers of the deployed app can cause issues if incorrectly configured. For example, CDNs are designed to cache and deliver content to improve performance and reduce latency. If a CDN is incorrectly serving cached versions of assets, it can lead to stale content delivery to the user.
+
+## Detect and diagnose upgrade issues
+
+Upgrade issues typically appear as a failure to start the app in the browser. Normally, a warning indicates the presence of a stale asset or an asset that's missing or inconsistent with the app.
+
+* First, check if the app loads successfully within a clean browser instance. Use a private browser mode to load the app, such as Microsoft Edge InPrivate mode or Google Chrome Incognito mode. If the app fails to load, it likely means that one or more packages or the framework wasn't correctly updated.
+* If the app loads correctly in a clean browser instance, then it's likely that the app is being served from a stale cache. In most cases, a hard browser refresh with Ctrl+F5 flushes the cache, which permits the app to load and run with the latest assets.
+* If the app continues to fail, then it's likely that a stale CDN cache is serving the app. Try to flushing the DNS cache via whatever mechanism your CDN provider offers.
+
+## Recommended actions before an upgrade
+
+The prior process for serving the app might make the update process more challenging. For example, avoiding or incorrectly using caching headers in the past can lead to current caching problems for users. You can take the actions in the following sections to mitigate the issue and improve the upgrade process for users.
+
+### Align framework packages with the framework version
+
+Ensure that framework packages line up with the framework version. Using packages from a previous version when a newer version is available can lead to compatibility issues. It's also important to ensure that all of the app's deployed projects use the same major framework version. This consistency helps to avoid unexpected behavior and errors.
+
+### Verify the presence of correct caching headers
+
+The correct caching headers should be present on responses to resource requests. This includes `ETag`, `Cache-Control`, and other caching headers. The configuration of these headers is dependent on the hosting service or hosting server platform. They are particularly important for assets such as the Blazor script (`blazor.webassembly.js`) and anything the script downloads.
+
+Incorrect HTTP caching headers may also impact service workers. Service workers rely on caching headers to manage cached resources effectively. Therefore, incorrect or missing headers can disrupt the service worker's functionality.
+
+### Use `Clear-Site-Data` to delete state in the browser
+
+Consider using the [`Clear-Site-Data` header](https://developer.mozilla.org/docs/Web/HTTP/Headers/Clear-Site-Data) to delete state in the browser.
+
+Usually the source of cache state problems is limited to the HTTP browser cache, so use of the `cache` directive should be sufficient. This action can help to ensure that the browser fetches the latest resources from the server, rather than serving stale content from the cache.
+
+You can optionally include the `storage` directive to clear local storage caches at the same time that you're clearing the HTTP browser cache. However, apps that use client storage might experience a loss of important information if the `storage` directive is used.
+
+### Append a query string to the Blazor script tag
+
+If none of the previous recommended actions are effective, possible to use for your deployment, or apply to your app, consider temporarily appending a query string to the Blazor script's `
+```
+
+After all of the app's users have reloaded the app, the query string can be removed.
+
+Alternatively, you can apply a persistent query string with relevant versioning. The following example assumes that the version of the app matches the .NET release version (`8` for .NET 8):
+
+```html
+
+```
+
+For the location of the Blazor script `
```
In a Blazor Server app, the Blazor script is located in the `Pages/_Host.cshtml` file:
-```
+```html
```
@@ -556,7 +556,7 @@ In a Blazor Server app, the Blazor script is located in the `Pages/_Host.cshtml`
In a Blazor Server app, the Blazor script is located in the `Pages/_Host.cshtml` file:
-```
+```html
```
@@ -566,7 +566,7 @@ In a Blazor Server app, the Blazor script is located in the `Pages/_Host.cshtml`
In a Blazor Server app, the Blazor script is located in the `Pages/_Layout.cshtml` file:
-```
+```html
```
@@ -576,7 +576,7 @@ In a Blazor Server app, the Blazor script is located in the `Pages/_Layout.cshtm
In a Blazor Server app, the Blazor script is located in the `Pages/_Host.cshtml` file:
-```
+```html
```
@@ -584,7 +584,7 @@ In a Blazor Server app, the Blazor script is located in the `Pages/_Host.cshtml`
In a Blazor WebAssembly app, the Blazor script content is located in the `wwwroot/index.html` file:
-```
+```html
```
diff --git a/aspnetcore/blazor/security/includes/troubleshoot.md b/aspnetcore/blazor/security/includes/troubleshoot.md
index ab133ed1dd83..6ccdfcdb26df 100644
--- a/aspnetcore/blazor/security/includes/troubleshoot.md
+++ b/aspnetcore/blazor/security/includes/troubleshoot.md
@@ -67,14 +67,14 @@ One approach to prevent lingering cookies and site data from interfering with te
* Configure a browser
* Use a browser for testing that you can configure to delete all cookie and site data each time the browser is closed.
* Make sure that the browser is closed manually or by the IDE for any change to the app, test user, or provider configuration.
-* Use a custom command to open a browser in incognito or private mode in Visual Studio:
+* Use a custom command to open a browser in InPrivate or Incognito mode in Visual Studio:
* Open **Browse With** dialog box from Visual Studio's **Run** button.
* Select the **Add** button.
* Provide the path to your browser in the **Program** field. The following executable paths are typical installation locations for Windows 10. If your browser is installed in a different location or you aren't using Windows 10, provide the path to the browser's executable.
* Microsoft Edge: `C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe`
* Google Chrome: `C:\Program Files (x86)\Google\Chrome\Application\chrome.exe`
* Mozilla Firefox: `C:\Program Files\Mozilla Firefox\firefox.exe`
- * In the **Arguments** field, provide the command-line option that the browser uses to open in incognito or private mode. Some browsers require the URL of the app.
+ * In the **Arguments** field, provide the command-line option that the browser uses to open in InPrivate or Incognito mode. Some browsers require the URL of the app.
* Microsoft Edge: Use `-inprivate`.
* Google Chrome: Use `--incognito --new-window {URL}`, where the placeholder `{URL}` is the URL to open (for example, `https://localhost:5001`).
* Mozilla Firefox: Use `-private -url {URL}`, where the placeholder `{URL}` is the URL to open (for example, `https://localhost:5001`).
diff --git a/aspnetcore/blazor/security/server/static-server-side-rendering.md b/aspnetcore/blazor/security/server/static-server-side-rendering.md
index ae65c63c2301..bf4311bd8cc3 100644
--- a/aspnetcore/blazor/security/server/static-server-side-rendering.md
+++ b/aspnetcore/blazor/security/server/static-server-side-rendering.md
@@ -95,7 +95,7 @@ At the server level, the framework provides limits on request/response parameter
In addition, there are limits defined for the form, such as the maximum form key size and value size and the maximum number of entries.
-In general, the app must evaluate when there's a chance that a request triggers an asymmetric amount of work by the server. Examples of this include when the user sends a a request parameterized by N and the server performs an operation in response that is N times as expensive, where N is a parameter that a user controls and can grow indefinitely. Normally, the app must either impose a limit on the maximum N that it's willing to process or ensure that any operation is either less, equal, or more expensive than the request by a constant factor.
+In general, the app must evaluate when there's a chance that a request triggers an asymmetric amount of work by the server. Examples of this include when the user sends a request parameterized by N and the server performs an operation in response that is N times as expensive, where N is a parameter that a user controls and can grow indefinitely. Normally, the app must either impose a limit on the maximum N that it's willing to process or ensure that any operation is either less, equal, or more expensive than the request by a constant factor.
This aspect has more to do with the difference in growth between the work the client performs and the work the server performs than with a specific 1→N comparison. For example, a client might submit a work item (inserting elements into a list) that takes N units of time to perform, but the server needs N^2^ to process (because it might be doing something very naive). It's the difference between N and N^2^ that matters.
diff --git a/aspnetcore/blazor/security/webassembly/graph-api.md b/aspnetcore/blazor/security/webassembly/graph-api.md
index 4311753e98d1..cb3ad53e005c 100644
--- a/aspnetcore/blazor/security/webassembly/graph-api.md
+++ b/aspnetcore/blazor/security/webassembly/graph-api.md
@@ -201,7 +201,7 @@ The following `GraphExample` component uses an injected `GraphServiceClient` to
}
```
-When testing with the Graph SDK locally, we recommend using a new in-private/incognito browser session for each test to prevent lingering cookies from interfering with tests. For more information, see .
+When testing with the Graph SDK locally, we recommend using a new InPrivate/Incognito browser session for each test to prevent lingering cookies from interfering with tests. For more information, see .
## Customize user claims using the Graph SDK
@@ -285,7 +285,7 @@ public class CustomAccountFactory
Configure the MSAL authentication to use the custom user account factory.
-Confirm that the the `Program` file file uses the namespace:
+Confirm that the `Program` file file uses the namespace:
```csharp
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
@@ -357,7 +357,7 @@ else
}
```
-When testing with the Graph SDK locally, we recommend using a new in-private/incognito browser session for each test to prevent lingering cookies from interfering with tests. For more information, see .
+When testing with the Graph SDK locally, we recommend using a new InPrivate/Incognito browser session for each test to prevent lingering cookies from interfering with tests. For more information, see .
:::zone-end
@@ -557,7 +557,7 @@ The following `GraphExample` component uses an injected `GraphServiceClient` to
}
```
-When testing with the Graph SDK locally, we recommend using a new in-private/incognito browser session for each test to prevent lingering cookies from interfering with tests. For more information, see .
+When testing with the Graph SDK locally, we recommend using a new InPrivate/Incognito browser session for each test to prevent lingering cookies from interfering with tests. For more information, see .
## Customize user claims using the Graph SDK
@@ -634,7 +634,7 @@ public class CustomAccountFactory
Configure the MSAL authentication to use the custom user account factory.
-Confirm that the the `Program` file file uses the namespace:
+Confirm that the `Program` file file uses the namespace:
```csharp
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
@@ -707,7 +707,7 @@ else
}
```
-When testing with the Graph SDK locally, we recommend using a new in-private/incognito browser session for each test to prevent lingering cookies from interfering with tests. For more information, see .
+When testing with the Graph SDK locally, we recommend using a new InPrivate/Incognito browser session for each test to prevent lingering cookies from interfering with tests. For more information, see .
:::zone-end
@@ -836,7 +836,7 @@ In the following `GraphExample` component, an
}
```
-When testing with the Graph API locally, we recommend using a new in-private/incognito browser session for each test to prevent lingering cookies from interfering with testing. For more information, see .
+When testing with the Graph API locally, we recommend using a new InPrivate/Incognito browser session for each test to prevent lingering cookies from interfering with testing. For more information, see .
## Customize user claims using a named `HttpClient`
@@ -927,7 +927,7 @@ public class CustomAccountFactory
}
```
-The MSAL authentication is configured to use the custom user account factory. Start by confirming that the the `Program` file file uses the namespace:
+The MSAL authentication is configured to use the custom user account factory. Start by confirming that the `Program` file file uses the namespace:
```csharp
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
@@ -991,7 +991,7 @@ else
}
```
-When testing with the Graph API locally, we recommend using a new in-private/incognito browser session for each test to prevent lingering cookies from interfering with testing. For more information, see .
+When testing with the Graph API locally, we recommend using a new InPrivate/Incognito browser session for each test to prevent lingering cookies from interfering with testing. For more information, see .
:::zone-end
@@ -999,7 +999,7 @@ When testing with the Graph API locally, we recommend using a new in-private/inc
## Hosted Blazor WebAssembly solutions
-The examples in this article pertain to using the Graph SDK or a named `HttpClient` with Graph API directly from a standalone Blazor WebAssembly app or directly from the **:::no-loc text="Client":::** app of a hosted Blazor WebAssembly [solution](xref:blazor/tooling#visual-studio-solution-file-sln). An additional scenario that isn't covered by this article is for a **:::no-loc text="Client":::** app of a hosted solution to call the **:::no-loc text="Server":::** app of the solution via web API, and then the the **:::no-loc text="Server":::** app uses the Graph SDK/API to call Microsoft Graph and return data to the **:::no-loc text="Client":::** app. Although this is a supported approach, it isn't covered by this article. If you wish to adopt this approach:
+The examples in this article pertain to using the Graph SDK or a named `HttpClient` with Graph API directly from a standalone Blazor WebAssembly app or directly from the **:::no-loc text="Client":::** app of a hosted Blazor WebAssembly [solution](xref:blazor/tooling#visual-studio-solution-file-sln). An additional scenario that isn't covered by this article is for a **:::no-loc text="Client":::** app of a hosted solution to call the **:::no-loc text="Server":::** app of the solution via web API, and then the **:::no-loc text="Server":::** app uses the Graph SDK/API to call Microsoft Graph and return data to the **:::no-loc text="Client":::** app. Although this is a supported approach, it isn't covered by this article. If you wish to adopt this approach:
* Follow the guidance in for the web API aspects on issuing requests to the **:::no-loc text="Server":::** app from the **:::no-loc text="Client":::** app and returning data to the **:::no-loc text="Client":::** app.
* Follow the guidance in the primary [Microsoft Graph documentation](/graph/) to use the Graph SDK with a typical ASP.NET Core app, which in this scenario is the **:::no-loc text="Server":::** app of the solution. If you use the Blazor WebAssembly project template to the create the hosted Blazor WebAssembly solution (**ASP.NET Core Hosted**/`-h|--hosted`) with organizational authorization (single organization/`SingleOrg` or multiple organization/`MultiOrg`) and the Microsoft Graph option (**Microsoft identity platform** > **Connected Services** > **Add Microsoft Graph permissions** in Visual Studio or the `--calls-graph` option with the .NET CLI `dotnet new` command), the **:::no-loc text="Server":::** app of the solution is configured to use the Graph SDK when the solution is created from the project template.
diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md b/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md
index 8909f9d44217..9c8ceea36f83 100644
--- a/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md
+++ b/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md
@@ -806,7 +806,7 @@ The Azure documentation contains additional detail on using Azure services and c
* [Secure a custom DNS name with a TLS/SSL binding in Azure App Service](/azure/app-service/configure-ssl-bindings)
* [Azure Key Vault](/azure/key-vault/)
-We recommend using a new in-private or incognito browser window for each app test run after a change to the app, app configuration, or Azure services in the Azure portal. Lingering cookies from a previous test run can result in failed authentication or authorization when testing the site even when the site's configuration is correct. For more information on how to configure Visual Studio to open a new in-private or incognito browser window for each test run, see the [Cookies and site data](#cookies-and-site-data) section.
+We recommend using a new private mode browser window (for example, Microsoft Edge InPrivate mode or Google Chrome Incognito mode) for each app test run after a change to the app, app configuration, or Azure services in the Azure portal. Lingering cookies from a previous test run can result in failed authentication or authorization when testing the site even when the site's configuration is correct. For more information on how to configure Visual Studio to open a new private browser window for each test run, see the [Cookies and site data](#cookies-and-site-data) section.
When App Service configuration is changed in the Azure portal, the updates generally take effect quickly but aren't instant. Sometimes, you must wait a short period for an App Service to restart in order for a configuration change to take effect.
diff --git a/aspnetcore/blazor/security/webassembly/microsoft-entra-id-groups-and-roles.md b/aspnetcore/blazor/security/webassembly/microsoft-entra-id-groups-and-roles.md
index bc953c395f37..9cfd295e3a83 100644
--- a/aspnetcore/blazor/security/webassembly/microsoft-entra-id-groups-and-roles.md
+++ b/aspnetcore/blazor/security/webassembly/microsoft-entra-id-groups-and-roles.md
@@ -354,7 +354,7 @@ The preceding code ignores group membership claims (`groups`) that are ME-ID Adm
In the **CLIENT** app, configure the MSAL authentication to use the custom user account factory.
-Confirm that the the `Program` file file uses the namespace:
+Confirm that the `Program` file file uses the namespace:
```csharp
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
diff --git a/aspnetcore/migration/70-80.md b/aspnetcore/migration/70-80.md
index 32c8a458d4be..661c3b2482e7 100644
--- a/aspnetcore/migration/70-80.md
+++ b/aspnetcore/migration/70-80.md
@@ -87,6 +87,7 @@ The following migration scenarios are covered:
* [Migrate `CascadingValue` components in layout components](#migrate-cascadingvalue-components-in-layout-components)
* [Migrate the `BlazorEnableCompression` MSBuild property](#migrate-the-blazorenablecompression-msbuild-property)
* [Migrate the `` component to cascading authentication state services](#migrate-the-cascadingauthenticationstate-component-to-cascading-authentication-state-services)
+* [*New article*: HTTP caching issues during migration](#new-article-on-http-caching-issues)
For guidance on adding Blazor support to an ASP.NET Core app, see .
@@ -510,6 +511,12 @@ For more information, see the following resources:
* [Customize unauthorized content with the Router component](xref:blazor/security/index#customize-unauthorized-content-with-the-router-component)
*
+### New article on HTTP caching issues
+
+We've added a new article that discusses some of the common HTTP caching issues that can occur when upgrading Blazor apps across major versions and how to address HTTP caching issues.
+
+For more information, see .
+
## Docker
### Update Docker images
diff --git a/aspnetcore/toc.yml b/aspnetcore/toc.yml
index 3d967aabbda0..a12ea59fe722 100644
--- a/aspnetcore/toc.yml
+++ b/aspnetcore/toc.yml
@@ -638,6 +638,8 @@ items:
uid: blazor/host-and-deploy/multiple-hosted-webassembly
- name: Blazor with EF Core
uid: blazor/blazor-ef-core
+ - name: HTTP caching issues
+ uid: blazor/http-caching-issues
- name: Advanced scenarios
uid: blazor/advanced-scenarios
- name: Client-side development