Diplomarbeit-Absolventenverein/oqtane.framework
7
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix #6166 - move UseAntiforgery after UseNotFoundResponse and adjust 404 handling logic

Browse Source
This commit is contained in:
sbwalker
2026-04-08 16:40:06 -04:00
parent 1741029057
commit 0ea27e7147
1 changed files with 21 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
Oqtane.Server/Extensions/ApplicationBuilderExtensions.cs
View File

@@ -67,8 +67,8 @@ namespace Oqtane.Extensions
app.UseOutputCache();
app.UseAuthentication();
app.UseAuthorization();
app.UseAntiforgery();
app.UseNotFoundResponse();
app.UseAntiforgery();
// execute any IServerStartup logic
app.ConfigureOqtaneAssemblies(environment);
@@ -153,28 +153,33 @@ namespace Oqtane.Extensions
public static IApplicationBuilder UseNotFoundResponse(this IApplicationBuilder app)
{
// set the route to be rendered on NavigationManager.NotFound()
const string notFoundRoute = "/404";
app.UseStatusCodePagesWithReExecute(notFoundRoute, createScopeForStatusCodePages: true);
// middleware to determine if status code pages should be skipped
app.Use(async (context, next) =>
{
var path = context.Request.Path.Value ?? string.Empty;
if (string.IsNullOrEmpty(path) || ShouldSkipStatusCodeReExecution(path))
if (ShouldSkipStatusCodeReExecution(path))
{
var feature = context.Features.Get<IStatusCodePagesFeature>();
feature?.Enabled = false;
var statusCodePagesFeature = context.Features.Get<IStatusCodePagesFeature>();
if (statusCodePagesFeature != null)
{
statusCodePagesFeature.Enabled = false;
}
}
await next();
});
// middleware to rewrite the path for 404 status code responses on sites using subfolders
app.Use(async (context, next) =>
{
var feature = context.Features.Get<IStatusCodeReExecuteFeature>();
var handled = false;
if (feature != null
var statusCodeReExecuteFeature = context.Features.Get<IStatusCodeReExecuteFeature>();
if (statusCodeReExecuteFeature != null
&& context.Response.StatusCode == (int)HttpStatusCode.NotFound
&& notFoundRoute.Equals(context.Request.Path.Value, StringComparison.OrdinalIgnoreCase))
&& string.Equals(context.Request.Path.Value, notFoundRoute, StringComparison.OrdinalIgnoreCase))
{
var alias = context.GetAlias();
if (!string.IsNullOrEmpty(alias?.Path))
@@ -183,20 +188,17 @@ namespace Oqtane.Extensions
context.Request.Path = new PathString($"/{alias.Path}{notFoundRoute}");
try
{
handled = true;
await next();
}
finally
{
context.Request.Path = originalPath;
}
return;
}
}
if (!handled)
{
await next();
}
await next();
});
return app;
@@ -204,12 +206,16 @@ namespace Oqtane.Extensions
static bool ShouldSkipStatusCodeReExecution(string path)
{
return Constants.ReservedRoutes.Any(item => path.Contains("/" + item + "/")) || HasStaticFileExtension(path);
// skip requests for framework resources, reserved routes, and static files
return path.StartsWith("/_framework/", StringComparison.OrdinalIgnoreCase) ||
path.StartsWith("/_content/", StringComparison.OrdinalIgnoreCase) ||
Constants.ReservedRoutes.Any(item => path.Contains("/" + item + "/")) ||
HasStaticFileExtension(path);
}
static bool HasStaticFileExtension(string path)
{
return !string.IsNullOrEmpty(Path.GetExtension(path));
return !string.IsNullOrEmpty(Path.GetExtension(path)) && Path.GetExtension(path).Length != 1;
}
}
}