fix #2172 - File Upload issue caused by JS Interop not passing AntiForgery token in POST methid

This commit is contained in:
Shaun Walker 2022-05-04 17:14:45 -04:00
parent 577528fa0a
commit d3c40a7e8b
4 changed files with 9 additions and 4 deletions

View File

@ -14,10 +14,12 @@ namespace Oqtane.Services
[PrivateApi("Don't show in the documentation, as everything should use the Interface")]
public class FileService : ServiceBase, IFileService
{
private readonly SiteState _siteState;
private readonly IJSRuntime _jsRuntime;
public FileService(HttpClient http, SiteState siteState, IJSRuntime jsRuntime) : base(http, siteState)
{
_siteState = siteState;
_jsRuntime = jsRuntime;
}
@ -80,7 +82,7 @@ namespace Oqtane.Services
string result = "";
var interop = new Interop(_jsRuntime);
await interop.UploadFiles($"{Apiurl}/upload", folder, id);
await interop.UploadFiles($"{Apiurl}/upload", folder, id, _siteState.AntiForgeryToken);
// uploading files is asynchronous so we need to wait for the upload to complete
bool success = false;

View File

@ -189,13 +189,13 @@ namespace Oqtane.UI
}
}
public Task UploadFiles(string posturl, string folder, string id)
public Task UploadFiles(string posturl, string folder, string id, string antiforgerytoken)
{
try
{
_jsRuntime.InvokeVoidAsync(
"Oqtane.Interop.uploadFiles",
posturl, folder, id);
posturl, folder, id, antiforgerytoken);
return Task.CompletedTask;
}
catch

View File

@ -1,4 +1,5 @@
using System;
using System.Diagnostics;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Http;
@ -38,6 +39,7 @@ namespace Oqtane.Security
catch
{
context.Result = new AntiforgeryValidationFailedResult();
Debug.WriteLine($"Oqtane Error: AutoValidateAntiforgeryTokenFilter Failure on {context.HttpContext.Request.Path}");
}
}
}

View File

@ -294,7 +294,7 @@ Oqtane.Interop = {
}
return files;
},
uploadFiles: function (posturl, folder, id) {
uploadFiles: function (posturl, folder, id, antiforgerytoken) {
var fileinput = document.getElementById(id + 'FileInput');
var files = fileinput.files;
var progressinfo = document.getElementById(id + 'ProgressInfo');
@ -326,6 +326,7 @@ Oqtane.Interop = {
var FileName = file.name + ".part_" + PartCount.toString().padStart(3, '0') + "_" + TotalParts.toString().padStart(3, '0');
var data = new FormData();
data.append('__RequestVerificationToken', antiforgerytoken);
data.append('folder', folder);
data.append('formfile', Chunk, FileName);
var request = new XMLHttpRequest();