Merge pull request #1693 from sbwalker/dev

fix #1691 - AntiForgeryToken header not being set during startup
2021-09-27 08:37:27 -04:00 · 2021-09-27 08:37:27 -04:00 · 30fb6fd8e2
commit 30fb6fd8e2
parent 023f29491d 4bfb5d9f34
3 changed files with 22 additions and 5 deletions
--- a/Oqtane.Client/App.razor
+++ b/Oqtane.Client/App.razor
@ -47,11 +47,13 @@

    protected override async Task OnParametersSetAsync()
    {
+        SiteState.AntiForgeryToken = AntiForgeryToken;
+        InstallationService.SetAntiForgeryTokenHeader(AntiForgeryToken);
+
        _installation = await InstallationService.IsInstalled();
        if (_installation.Alias != null)
        {
            SiteState.Alias = _installation.Alias;
-            SiteState.AntiForgeryToken = AntiForgeryToken;
        }
        else
        {
@ -68,8 +70,10 @@
            {
                // parameter values are not set when running on WebAssembly (seems to be a .NET 5 bug) - need to retrieve using JSInterop
                var interop = new Interop(JSRuntime);
-                AntiForgeryToken = await interop.GetElementByName(Constants.RequestVerificationToken);
-                SiteState.AntiForgeryToken = AntiForgeryToken;
+
+                SiteState.AntiForgeryToken = await interop.GetElementByName(Constants.RequestVerificationToken);
+                InstallationService.SetAntiForgeryTokenHeader(SiteState.AntiForgeryToken);
+
                Runtime = await interop.GetElementByName("app_runtime");
                RenderMode = await interop.GetElementByName("app_rendermode");
            }
--- a/Oqtane.Client/Services/InstallationService.cs
+++ b/Oqtane.Client/Services/InstallationService.cs
@ -25,8 +25,6 @@ namespace Oqtane.Services

        public async Task<Installation> IsInstalled()
        {
-            // add antiforgerytoken header so that it is included on all HttpClient calls for the lifetime of the app
-            AddRequestHeader(Constants.AntiForgeryTokenHeaderName, _siteState.AntiForgeryToken);
            var path = new Uri(_navigationManager.Uri).LocalPath.Substring(1);            
            return await GetJsonAsync<Installation>($"{ApiUrl}/installed/?path={WebUtility.UrlEncode(path)}");
        }
@ -50,5 +48,14 @@ namespace Oqtane.Services
        {
            await PostJsonAsync($"{ApiUrl}/register?email={WebUtility.UrlEncode(email)}", true);
        }
+
+        public void SetAntiForgeryTokenHeader(string antiforgerytokenvalue)
+        {
+            if (!string.IsNullOrEmpty(antiforgerytokenvalue))
+            {
+                AddRequestHeader(Constants.AntiForgeryTokenHeaderName, antiforgerytokenvalue);
+            }
+        }
+
    }
 }
--- a/Oqtane.Client/Services/Interfaces/IInstallationService.cs
+++ b/Oqtane.Client/Services/Interfaces/IInstallationService.cs
@ -41,5 +41,11 @@ namespace Oqtane.Services
        /// <param name="email">Email of the user to be registered</param>
        /// <returns></returns>
        Task RegisterAsync(string email);
+
+        /// <summary>
+        /// Sets the antiforgerytoken header so that it is included on all HttpClient calls for the lifetime of the app 
+        /// </summary>
+        /// <returns></returns>
+        void SetAntiForgeryTokenHeader(string antiforgerytokenvalue);
    }
 }