| @ -1,6 +1,7 @@ | |||||||
| @namespace Oqtane.Components | @namespace Oqtane.Components | ||||||
| @using Microsoft.AspNetCore.Http | @using Microsoft.AspNetCore.Http | ||||||
| @using Microsoft.AspNetCore.Http.Extensions | @using Microsoft.AspNetCore.Http.Extensions | ||||||
|  | @using Microsoft.AspNetCore.Antiforgery | ||||||
| @using Oqtane.Client | @using Oqtane.Client | ||||||
| @using Oqtane.Client.Utilities | @using Oqtane.Client.Utilities | ||||||
| @using Oqtane.Repository | @using Oqtane.Repository | ||||||
| @ -11,6 +12,7 @@ | |||||||
| @using Oqtane.Themes | @using Oqtane.Themes | ||||||
| @using System.Net | @using System.Net | ||||||
| @using Microsoft.AspNetCore.Localization | @using Microsoft.AspNetCore.Localization | ||||||
|  | @inject IAntiforgery Antiforgery; | ||||||
| @inject IConfigManager ConfigManager; | @inject IConfigManager ConfigManager; | ||||||
| @inject ITenantManager TenantManager; | @inject ITenantManager TenantManager; | ||||||
| @inject ILocalizationManager LocalizationManager; | @inject ILocalizationManager LocalizationManager; | ||||||
| @ -42,7 +44,7 @@ | |||||||
| <body> | <body> | ||||||
|     @if (string.IsNullOrEmpty(_message)) |     @if (string.IsNullOrEmpty(_message)) | ||||||
|     { |     { | ||||||
|         <Routes AntiForgeryToken="" Runtime="Server" RenderMode="PreRendered" VisitorId="-1" RemoteIPAddress="@_remoteIPAddress" AuthorizationToken="" @rendermode="@RenderModes.GetRenderMode(_interactiveRenderMode)" /> |         <Routes AntiForgeryToken="@_antiForgeryToken" Runtime="Server" RenderMode="PreRendered" VisitorId="-1" RemoteIPAddress="@_remoteIPAddress" AuthorizationToken="" @rendermode="@RenderModes.GetRenderMode(_interactiveRenderMode)" /> | ||||||
|  |  | ||||||
|         <script src="js/interop.js"></script> |         <script src="js/interop.js"></script> | ||||||
|         <script src="_framework/blazor.web.js"></script> |         <script src="_framework/blazor.web.js"></script> | ||||||
| @ -67,6 +69,7 @@ | |||||||
| @code { | @code { | ||||||
|     private string _interactiveRenderMode = "InteractiveServer"; |     private string _interactiveRenderMode = "InteractiveServer"; | ||||||
|     private string _language = "en"; |     private string _language = "en"; | ||||||
|  |     private string _antiForgeryToken = ""; | ||||||
|     private string _remoteIPAddress = ""; |     private string _remoteIPAddress = ""; | ||||||
|     private string _headResources = ""; |     private string _headResources = ""; | ||||||
|     private string _bodyResources = ""; |     private string _bodyResources = ""; | ||||||
| @ -81,6 +84,7 @@ | |||||||
|  |  | ||||||
|     protected override void OnInitialized() |     protected override void OnInitialized() | ||||||
|     { |     { | ||||||
|  |         _antiForgeryToken = Antiforgery.GetAndStoreTokens(Context).RequestToken; | ||||||
|         _remoteIPAddress = Context.Connection.RemoteIpAddress?.ToString() ?? ""; |         _remoteIPAddress = Context.Connection.RemoteIpAddress?.ToString() ?? ""; | ||||||
|  |  | ||||||
|         // if framework is installed |         // if framework is installed | ||||||
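Review bot: The new first line of `OnInitialized` assigns `RequestToken` straight into `_antiForgeryToken`, but that property is nullable while the field is initialised to `""` and bound to the `AntiForgeryToken` parameter of `Routes`. Falling back the same way the next line does keeps the parameter non-null: `_antiForgeryToken = Antiforgery.GetAndStoreTokens(Context).RequestToken ?? "";`. `GetAndStoreTokens` also writes the antiforgery cookie to the response and here runs ahead of the `// if framework is installed` check, so it appears to execute even on requests that end up rendering only `_message`. A short comment such as `// must run before the response starts; sets the antiforgery cookie` would record that ordering constraint. The rest of `OnInitialized` is outside the hunk, so the placement relative to the install check should be confirmed there.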
|  | |||||||
| @ -50,8 +50,6 @@ namespace Oqtane.Security | |||||||
|  |  | ||||||
|         protected virtual bool ShouldValidate(AuthorizationFilterContext context) |         protected virtual bool ShouldValidate(AuthorizationFilterContext context) | ||||||
|         { |         { | ||||||
|             return false; |  | ||||||
|  |  | ||||||
|             // ignore antiforgery validation if a bearer token was provided |             // ignore antiforgery validation if a bearer token was provided | ||||||
|             if (context.HttpContext.Request.Headers.ContainsKey("Authorization")) |             if (context.HttpContext.Request.Headers.ContainsKey("Authorization")) | ||||||
|             { |             { | ||||||
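Review bot: With `return false;` removed, the `Headers.ContainsKey("Authorization")` test in `ShouldValidate` becomes the live exemption from antiforgery validation, and it checks only that the header is present, not that it carries a bearer token as the comment says. If the branch returns false (its body is outside the hunk), a request authenticated by cookie that also carries an empty or non-Bearer `Authorization` header would skip the check. Narrowing the condition to the scheme would match the comment, for example `if (context.HttpContext.Request.Headers.Authorization.ToString().StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))`. Better still, key the exemption on the request having actually been authenticated by the bearer scheme, if that information is available at this point in the filter.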
|  | |||||||