[release/8.0] [Blazor] Allow cascading value subscribers to get added and removed during change notification #57288
+148
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
dotnet-issue-labeler
bot
added
the
area-blazor
MackinnonBuck
added
the
* NO MERGE *
dotnet-policy-service
bot
added
the
pending-ci-rerun
|
@MackinnonBuck do we want this for October? |
|
Hello, @dotnet/aspnet-blazor-eng. Could you help us with this? |
|
@MackinnonBuck did this fall through the cracks? I imagine we still want to merge this? |
|
@javiercn Yeah, we'd want to merge this. We were waiting to make sure that the .NET 9 fix didn't have any ill effects, but the feedback on the original issue is positive. So we can unblock this now. |
MackinnonBuck
added
Servicing-consider
|
/azp run |
dotnet-policy-service
bot
removed
the
pending-ci-rerun
|
Azure Pipelines successfully started running 3 pipeline(s). |
MackinnonBuck
added
Servicing-approved
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
MackinnonBuck
approved these changes
Feb 7, 2025
|
Java failure unrelated |
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport of #57243 to release/8.0
/cc @MackinnonBuck
Important
We're waiting to get feedback about the original change before merging this backport
[Blazor] Allow cascading value subscribers to get added and removed during change notification
Updates cascading value change notification logic to operate on a copy of the subscriber list to avoid cases where the list could get mutated during enumeration.
Fixes #53075
Description
.NET 8 included changes to improve the flexibility of cascading values. One of these improvements enabled root-level cascading values that can be consumed by components anywhere in the component hierarchy.
The
AddCascadingAuthenticationState()API utilizes root-level cascading values to simplify making the authentication state available to Blazor components. However, customers have reported that under certain circumstances, using this API can cause an exception to get thrown that ends the user's session.While
AddCascadingAuthenticationState()manifests the bug, the root cause is actually deeper within the internals of Blazor's implementation of cascading values. If a cascading value changes, a change notification is issued to all components (subscribers) listening to that change. If a component reacts to the change by adding another subscriber (e.g., rendering another component that subscribes to the cascading value), then an exception gets thrown because the internal list of subscribers managed by the framework gets mutated as it's being enumerated.Customer Impact
Many customers have reported being impacted by this bug (see the comments in #53075).
Some customers have reported working around the issue by using a
<CascadingAuthenticationState>component (which existed prior to .NET 8) instead ofAddCascadingAuthenticationState(). However, our docs and templates reference the newAddCascadingAuthenticationState()API, and customers have expressed discontent with having to downgrade to<CascadingAuthenticationState>.Regression?
The bug was introduced at the same time as the affected features/scenarios.
Risk
The fix is simple; copy the list of subscribers to a separate buffer before enumerating them.
Verification
Packaging changes reviewed?