resolve antiforgery issue

2024-01-31 07:33:52 -05:00 · 2024-01-31 07:33:52 -05:00 · 7e817a5808
commit 7e817a5808
parent 82d7b9cf05
2 changed files with 5 additions and 3 deletions
--- a/Oqtane.Server/Components/App.razor
+++ b/Oqtane.Server/Components/App.razor
@ -1,6 +1,7 @@
@namespace Oqtane.Components
@using Microsoft.AspNetCore.Http
@using Microsoft.AspNetCore.Http.Extensions
+@using Microsoft.AspNetCore.Antiforgery
@using Oqtane.Client
@using Oqtane.Client.Utilities
@using Oqtane.Repository
@ -11,6 +12,7 @@
@using Oqtane.Themes
@using System.Net
@using Microsoft.AspNetCore.Localization
+@inject IAntiforgery Antiforgery;
@inject IConfigManager ConfigManager;
@inject ITenantManager TenantManager;
@inject ILocalizationManager LocalizationManager;
@ -42,7 +44,7 @@
 <body>
    @if (string.IsNullOrEmpty(_message))
    {
-        <Routes AntiForgeryToken="" Runtime="Server" RenderMode="PreRendered" VisitorId="-1" RemoteIPAddress="@_remoteIPAddress" AuthorizationToken="" @rendermode="@RenderModes.GetRenderMode(_interactiveRenderMode)" />
+        <Routes AntiForgeryToken="@_antiForgeryToken" Runtime="Server" RenderMode="PreRendered" VisitorId="-1" RemoteIPAddress="@_remoteIPAddress" AuthorizationToken="" @rendermode="@RenderModes.GetRenderMode(_interactiveRenderMode)" />

        <script src="js/interop.js"></script>
        <script src="_framework/blazor.web.js"></script>
@ -67,6 +69,7 @@
@code {
    private string _interactiveRenderMode = "InteractiveServer";
    private string _language = "en";
+    private string _antiForgeryToken = "";
    private string _remoteIPAddress = "";
    private string _headResources = "";
    private string _bodyResources = "";
@ -81,6 +84,7 @@

    protected override void OnInitialized()
    {
+        _antiForgeryToken = Antiforgery.GetAndStoreTokens(Context).RequestToken;
        _remoteIPAddress = Context.Connection.RemoteIpAddress?.ToString() ?? "";

        // if framework is installed
--- a/Oqtane.Server/Security/AutoValidateAntiforgeryTokenFilter.cs
+++ b/Oqtane.Server/Security/AutoValidateAntiforgeryTokenFilter.cs
@ -50,8 +50,6 @@ namespace Oqtane.Security

        protected virtual bool ShouldValidate(AuthorizationFilterContext context)
        {
-            return false;
-
            // ignore antiforgery validation if a bearer token was provided
            if (context.HttpContext.Request.Headers.ContainsKey("Authorization"))
            {