require AntiForgery on Static Rendered components

2024-05-08 14:42:39 -04:00 · 2024-05-08 14:42:39 -04:00 · bf4052b550
commit bf4052b550
parent f7895823cb
2 changed files with 3 additions and 0 deletions
--- a/Oqtane.Server/Extensions/ComponentEndpointRouteBuilderExtensions.cs
+++ b/Oqtane.Server/Extensions/ComponentEndpointRouteBuilderExtensions.cs
@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Routing;
 using System;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.AspNetCore.Antiforgery;

 namespace OqtaneSSR.Extensions
 {
@ -23,6 +24,7 @@ namespace OqtaneSSR.Extensions
            {
                routeEndpointBuilder.Metadata.Add(new RootComponentMetadata(typeof(App)));
                routeEndpointBuilder.Metadata.Add(new ComponentTypeMetadata(typeof(App)));
+                routeEndpointBuilder.Metadata.Add(new RequireAntiforgeryTokenAttribute());
            });
        }
    }
--- a/Oqtane.Server/Startup.cs
+++ b/Oqtane.Server/Startup.cs
@ -216,6 +216,7 @@ namespace Oqtane
            app.UseCors();
            app.UseAuthentication();
            app.UseAuthorization();
+            app.UseAntiforgery();

            if (_useSwagger)
            {