Fix #2399 - page paths not being validated for deleted pages

2022-09-06 10:50:53 -04:00
parent dd170bb41a
commit d1f50f12af
8 changed files with 30 additions and 39 deletions
--- a/Oqtane.Server/Security/AutoValidateAntiforgeryTokenFilter.cs
+++ b/Oqtane.Server/Security/AutoValidateAntiforgeryTokenFilter.cs
@ -51,7 +51,13 @@ namespace Oqtane.Security
        protected virtual bool ShouldValidate(AuthorizationFilterContext context)
        {
            // ignore antiforgery validation if a bearer token was provided
-            if (context.HttpContext.Request.Headers.ContainsKey("Authorization") || context.HttpContext.Request.Headers["User-Agent"] == Constants.MauiUserAgent)
+            if (context.HttpContext.Request.Headers.ContainsKey("Authorization"))
+            {
+                return false;
+            }
+
+            // ignore antiforgery validation if client is a MAUI app
+            if (context.HttpContext.Request.Headers["User-Agent"] == Constants.MauiUserAgent)
            {
                return false;
            }