Fix cache headers for Blazor resource collection endpoint

[Copilot]

Fixes three issues with HTTP response headers on the /_framework/resource-collection.js endpoint.

Description

• no-transform added to Cache-Control on both fingerprinted (max-age=31536000, immutable) and non-fingerprinted (no-cache, must-revalidate) variants — prevents proxies/CDNs from modifying the JS module content.
• Vary: Accept-Encoding moved from WriteEncodingHeaders (gzip-only) to WriteCommonHeaders — ensures all responses (gzip and identity) correctly advertise encoding variance to caches.
• Weak ETag removed from gzip responses — _gzipContentETags was a two-element array containing a weak variant of the plain-content ETag alongside the gzip strong ETag. The weak ETag is incorrect here; gzip responses now carry only their own strong ETag. This also simplifies the field from string[] to string.

// Before
_gzipContentETags = [$"W/ {_contentETag}", ComputeETagTag(gzipContent)];
context.Response.Headers.ETag = new StringValues(_gzipContentETags);

// After
_gzipContentETag = ComputeETagTag(gzipContent);
context.Response.Headers.ETag = _gzipContentETag;

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Blazor] Add no-transform to the cache headers for the resource collection endpoint</issue_title>
<issue_description>

aspnetcore/src/Components/Endpoints/src/Builder/ResourceCollectionUrlEndpoint.cs

Lines 261 to 269 in 93830e4

	private static void WriteFingerprintHeaders(HttpContext context)
	{
	context.Response.Headers[HeaderNames.CacheControl] = "max-age=31536000, immutable";
	}
	private static void WriteNonFingerprintedHeaders(HttpContext context)
	{
	context.Response.Headers[HeaderNames.CacheControl] = "no-cache, must-revalidate";
	}

</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes [Blazor] Add no-transform to the cache headers for the resource collection endpoint #65512

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

This PR fixes three HTTP caching header issues for the /_framework/resource-collection.js endpoint in Blazor WebAssembly applications. The changes improve cache correctness and prevent content transformation by intermediaries.

Changes:

• Added no-transform directive to Cache-Control headers for both fingerprinted (long-lived) and non-fingerprinted (revalidation-required) variants
• Moved Vary: Accept-Encoding header from gzip-specific method to common headers method, ensuring all responses properly advertise encoding variance
• Simplified gzip ETag from a two-element array (containing incorrect weak ETag) to a single strong ETag computed from gzipped content

Comments suppressed due to low confidence (1)

src/Components/Endpoints/src/Builder/ResourceCollectionUrlEndpoint.cs:275

• The changes to HTTP headers (addition of no-transform, moving Vary header, and ETag simplification) lack test coverage. Consider adding integration tests that verify:

1. Cache-Control headers contain "no-transform" for both fingerprinted and non-fingerprinted responses
2. Vary: Accept-Encoding is present on all responses (both gzipped and non-gzipped)
3. Gzipped responses have a single strong ETag (not multiple ETags)

These headers are critical for correct caching behavior in production environments.

        private static void WriteCommonHeaders(HttpContext context, byte[] contents)
        {
            context.Response.ContentType = "application/javascript";
            context.Response.ContentLength = contents.Length;
            context.Response.Headers[HeaderNames.Vary] = HeaderNames.AcceptEncoding;
        }