search

dotnet / AspNetCore.Docs

Documentation for ASP.NET Core
https://docs.microsoft.com/aspnet/core
Creative Commons Attribution 4.0 International
12.66k stars 25.28k forks source link

Blazor issue with Akamai #34215

Closed daniel-parra-issatec closed 1 week ago

daniel-parra-issatec commented 1 week ago

Hello, I'm not sure if this goes here.

I built a Blazor Web App (server side) and the customer (a Bank) needs to run the application through Akamai (masking the base url). When we run the application normally from our Azure server it works fine. However, when we run the application through Akamai and it starts loading it sends the following POST request:

https://[akamai masked domain]/[application name]/_blazor?id=[some ID here]

With the following post data:

{ "mimeType": "text/plain;charset=UTF-8", "text": "{\"protocol\":\"blazorpack\",\"version\":1}\u001e" }

Akamai is marking the request body as unsafe and the bank wants to know the technical reason behind this post request so they can create an exception rule for this behavior. We did a test with an exception to the request body and it works as intended.

From what I've seen, the post data is always the same so my guess is this as a false positive. The bank is suggesting that I modify Blazor to avoid this behavior (I'm not doing that).

Why does Blazor makes this post request when the application starts running?

Thanks in advance for your help.

guardrex commented 1 week ago

Hello @daniel-parra-issatec ... You can open this for the product unit to take a look at ...

https://github.com/dotnet/aspnetcore/issues

Please add ...

cc: @guardrex https://github.com/dotnet/AspNetCore.Docs/issues/34215

... to the bottom of your opening comment so that I can follow along. I might re-open this for doc work depending on what they say.