kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1693 from sbwalker/dev

Browse Source 
fix #1691 - AntiForgeryToken header not being set during startup
This commit is contained in:
Shaun Walker 2021-09-27 08:37:27 -04:00 committed by GitHub
commit 30fb6fd8e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Oqtane.Client/App.razor
View File

@ -47,11 +47,13 @@
protected override async Task OnParametersSetAsync() protected override async Task OnParametersSetAsync()
{ {
SiteState.AntiForgeryToken = AntiForgeryToken;
InstallationService.SetAntiForgeryTokenHeader(AntiForgeryToken);
_installation = await InstallationService.IsInstalled(); _installation = await InstallationService.IsInstalled();
if (_installation.Alias != null) if (_installation.Alias != null)
{ {
SiteState.Alias = _installation.Alias; SiteState.Alias = _installation.Alias;
SiteState.AntiForgeryToken = AntiForgeryToken;
} }
else else
{ {
@ -68,8 +70,10 @@
{ {
// parameter values are not set when running on WebAssembly (seems to be a .NET 5 bug) - need to retrieve using JSInterop // parameter values are not set when running on WebAssembly (seems to be a .NET 5 bug) - need to retrieve using JSInterop
var interop = new Interop(JSRuntime); var interop = new Interop(JSRuntime);
AntiForgeryToken = await interop.GetElementByName(Constants.RequestVerificationToken);
SiteState.AntiForgeryToken = AntiForgeryToken; SiteState.AntiForgeryToken = await interop.GetElementByName(Constants.RequestVerificationToken);
InstallationService.SetAntiForgeryTokenHeader(SiteState.AntiForgeryToken);
Runtime = await interop.GetElementByName("app_runtime"); Runtime = await interop.GetElementByName("app_runtime");
RenderMode = await interop.GetElementByName("app_rendermode"); RenderMode = await interop.GetElementByName("app_rendermode");
} }

11
Oqtane.Client/Services/InstallationService.cs
View File

@ -25,8 +25,6 @@ namespace Oqtane.Services
public async Task<Installation> IsInstalled() public async Task<Installation> IsInstalled()
{ {
// add antiforgerytoken header so that it is included on all HttpClient calls for the lifetime of the app
AddRequestHeader(Constants.AntiForgeryTokenHeaderName, _siteState.AntiForgeryToken);
var path = new Uri(_navigationManager.Uri).LocalPath.Substring(1); var path = new Uri(_navigationManager.Uri).LocalPath.Substring(1);
return await GetJsonAsync<Installation>($"{ApiUrl}/installed/?path={WebUtility.UrlEncode(path)}"); return await GetJsonAsync<Installation>($"{ApiUrl}/installed/?path={WebUtility.UrlEncode(path)}");
} }
@ -50,5 +48,14 @@ namespace Oqtane.Services
{ {
await PostJsonAsync($"{ApiUrl}/register?email={WebUtility.UrlEncode(email)}", true); await PostJsonAsync($"{ApiUrl}/register?email={WebUtility.UrlEncode(email)}", true);
} }
public void SetAntiForgeryTokenHeader(string antiforgerytokenvalue)
{
if (!string.IsNullOrEmpty(antiforgerytokenvalue))
{
AddRequestHeader(Constants.AntiForgeryTokenHeaderName, antiforgerytokenvalue);
}
}
} }
} }

6
Oqtane.Client/Services/Interfaces/IInstallationService.cs
View File

@ -41,5 +41,11 @@ namespace Oqtane.Services
/// <param name="email">Email of the user to be registered</param> /// <param name="email">Email of the user to be registered</param>
/// <returns></returns> /// <returns></returns>
Task RegisterAsync(string email); Task RegisterAsync(string email);
/// <summary>
/// Sets the antiforgerytoken header so that it is included on all HttpClient calls for the lifetime of the app
/// </summary>
/// <returns></returns>
void SetAntiForgeryTokenHeader(string antiforgerytokenvalue);
} }
} }