diff --git a/Oqtane.Server/Controllers/SettingController.cs b/Oqtane.Server/Controllers/SettingController.cs
index 2c33c958..b2db2def 100644
--- a/Oqtane.Server/Controllers/SettingController.cs
+++ b/Oqtane.Server/Controllers/SettingController.cs
@@ -298,7 +298,7 @@ namespace Oqtane.Controllers
 if (!authorized)
 {
 var visitorCookieName = Constants.VisitorCookiePrefix + _alias.SiteId.ToString();
- authorized = (entityId == GetVisitorCookieId(Request.Cookies[visitorCookieName]));
+ authorized = (entityId == GetVisitorCookieId(HttpContext.Request.Cookies[visitorCookieName]));
 }
 break;
 default: // custom entity
@@ -352,9 +352,14 @@ namespace Oqtane.Controllers
 private int GetVisitorCookieId(string visitorCookie)
 {
- // visitor cookies contain the visitor id and an expiry date separated by a pipe symbol
- visitorCookie = (visitorCookie.Contains("|")) ? visitorCookie.Split('|')[0] : visitorCookie;
- return (int.TryParse(visitorCookie, out int visitorId)) ? visitorId : -1;
+ var visitorId = -1;
+ if (visitorCookie != null)
+ {
+ // visitor cookies now contain the visitor id and an expiry date separated by a pipe symbol
+ visitorCookie = (visitorCookie.Contains("|")) ? visitorCookie.Split('|')[0] : visitorCookie;
+ visitorId = int.TryParse(visitorCookie, out int _visitorId) ? _visitorId : -1;
+ }
+ return visitorId;
 }
 private void AddSyncEvent(string EntityName, int EntityId, int SettingId, string Action)
diff --git a/Oqtane.Server/Controllers/VisitorController.cs b/Oqtane.Server/Controllers/VisitorController.cs
index e0074452..707d2290 100644
--- a/Oqtane.Server/Controllers/VisitorController.cs
+++ b/Oqtane.Server/Controllers/VisitorController.cs
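Review bot: In SettingController.cs (`@@ -298,7 +298,7 @@`), the visitor branch sets `authorized` when `entityId` equals the id parsed from the visitor cookie, and that id is whatever the client sends; nothing in this diff shows the cookie being signed or encrypted, so the check is only as strong as the cookie's integrity protection. If the cookie is issued as a plain `id|expiry` string, consider protecting it with ASP.NET Core Data Protection (`IDataProtector.Protect` / `Unprotect`) or keying visitor settings on an unguessable token rather than the numeric visitor id. At minimum a comment such as `// visitor cookie is client-supplied; it must be integrity-protected where it is issued` would record the assumption. The enclosing switch case starts and ends outside the hunk.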
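Review bot: `GetVisitorCookieId` is duplicated verbatim in SettingController.cs (`@@ -352,9 +352,14 @@`) and VisitorController.cs (`@@ -77,9 +77,14 @@`), and this commit had to apply the same null fix to both; since its result feeds the authorization check in SettingController, one shared helper would keep the copies from drifting. The parse is also looser than an identifier needs: `int.TryParse(string, out int)` accepts surrounding whitespace and a leading sign under the current culture, whereas `int.TryParse(visitorCookie, NumberStyles.None, CultureInfo.InvariantCulture, out var parsedId)` accepts digits only. The expiry after the pipe is discarded without being checked, which deserves a comment if that is intentional, and the local `_visitorId` uses the prefix normally reserved for private fields.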
@@ -77,9 +77,14 @@ namespace Oqtane.Controllers
 private int GetVisitorCookieId(string visitorCookie)
 {
- // visitor cookies contain the visitor id and an expiry date separated by a pipe symbol
- visitorCookie = (visitorCookie.Contains("|")) ? visitorCookie.Split('|')[0] : visitorCookie;
- return (int.TryParse(visitorCookie, out int visitorId)) ? visitorId : -1;
+ var visitorId = -1;
+ if (visitorCookie != null)
+ {
+ // visitor cookies now contain the visitor id and an expiry date separated by a pipe symbol
+ visitorCookie = (visitorCookie.Contains("|")) ? visitorCookie.Split('|')[0] : visitorCookie;
+ visitorId = int.TryParse(visitorCookie, out int _visitorId) ? _visitorId : -1;
+ }
+ return visitorId;
 }
 }
 }
diff --git a/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs b/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
index 3ab2d87f..32fd81ba 100644
--- a/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
+++ b/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
@@ -257,7 +257,7 @@ namespace Microsoft.Extensions.DependencyInjection
 // set the cookies to allow HttpClient API calls to be authenticated
 foreach (var cookie in httpContextAccessor.HttpContext.Request.Cookies)
 {
- client.DefaultRequestHeaders.Add("Cookie", cookie.Key + "=" + cookie.Value);
+ client.DefaultRequestHeaders.Add("Cookie", cookie.Key + "=" + WebUtility.UrlEncode(cookie.Value));
 }
 }
@@ -275,7 +275,7 @@ namespace Microsoft.Extensions.DependencyInjection
 // set the cookies to allow HttpClient API calls to be authenticated
 foreach (var cookie in httpContextAccessor.HttpContext.Request.Cookies)
 {
- client.DefaultRequestHeaders.Add("Cookie", cookie.Key + "=" + cookie.Value);
+ client.DefaultRequestHeaders.Add("Cookie", cookie.Key + "=" + WebUtility.UrlEncode(cookie.Value));
 }
 }
 });
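Review bot: In OqtaneServiceCollectionExtensions.cs (`@@ -257,7 +257,7 @@`, and identically in `@@ -275,7 +275,7 @@`), `WebUtility.UrlEncode` is not the inverse of the decoding ASP.NET Core applies to incoming cookie values: it writes a space as `+`, while the request cookie parser, as far as I know, unescapes with `Uri.UnescapeDataString` and leaves `+` untouched. A forwarded value containing a space would then reach the API altered, so `Uri.EscapeDataString(cookie.Value)` is the safer round trip for cookies that carry authentication state. `cookie.Key` is still concatenated unencoded, which is presumably fine for well-formed names but is worth a comment. The enclosing client configuration block starts outside both hunks, so whether `httpContextAccessor.HttpContext` is null-checked before the loop cannot be seen here.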