fix #2172 - File Upload issue caused by JS Interop not passing AntiForgery token in POST methid
This commit is contained in:
parent
577528fa0a
commit
d3c40a7e8b
|
@ -14,10 +14,12 @@ namespace Oqtane.Services
|
|||
[PrivateApi("Don't show in the documentation, as everything should use the Interface")]
|
||||
public class FileService : ServiceBase, IFileService
|
||||
{
|
||||
private readonly SiteState _siteState;
|
||||
private readonly IJSRuntime _jsRuntime;
|
||||
|
||||
public FileService(HttpClient http, SiteState siteState, IJSRuntime jsRuntime) : base(http, siteState)
|
||||
{
|
||||
_siteState = siteState;
|
||||
_jsRuntime = jsRuntime;
|
||||
}
|
||||
|
||||
|
@ -80,7 +82,7 @@ namespace Oqtane.Services
|
|||
string result = "";
|
||||
|
||||
var interop = new Interop(_jsRuntime);
|
||||
await interop.UploadFiles($"{Apiurl}/upload", folder, id);
|
||||
await interop.UploadFiles($"{Apiurl}/upload", folder, id, _siteState.AntiForgeryToken);
|
||||
|
||||
// uploading files is asynchronous so we need to wait for the upload to complete
|
||||
bool success = false;
|
||||
|
|
|
@ -189,13 +189,13 @@ namespace Oqtane.UI
|
|||
}
|
||||
}
|
||||
|
||||
public Task UploadFiles(string posturl, string folder, string id)
|
||||
public Task UploadFiles(string posturl, string folder, string id, string antiforgerytoken)
|
||||
{
|
||||
try
|
||||
{
|
||||
_jsRuntime.InvokeVoidAsync(
|
||||
"Oqtane.Interop.uploadFiles",
|
||||
posturl, folder, id);
|
||||
posturl, folder, id, antiforgerytoken);
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
catch
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
using System;
|
||||
using System.Diagnostics;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Antiforgery;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
|
@ -38,6 +39,7 @@ namespace Oqtane.Security
|
|||
catch
|
||||
{
|
||||
context.Result = new AntiforgeryValidationFailedResult();
|
||||
Debug.WriteLine($"Oqtane Error: AutoValidateAntiforgeryTokenFilter Failure on {context.HttpContext.Request.Path}");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -294,7 +294,7 @@ Oqtane.Interop = {
|
|||
}
|
||||
return files;
|
||||
},
|
||||
uploadFiles: function (posturl, folder, id) {
|
||||
uploadFiles: function (posturl, folder, id, antiforgerytoken) {
|
||||
var fileinput = document.getElementById(id + 'FileInput');
|
||||
var files = fileinput.files;
|
||||
var progressinfo = document.getElementById(id + 'ProgressInfo');
|
||||
|
@ -326,6 +326,7 @@ Oqtane.Interop = {
|
|||
var FileName = file.name + ".part_" + PartCount.toString().padStart(3, '0') + "_" + TotalParts.toString().padStart(3, '0');
|
||||
|
||||
var data = new FormData();
|
||||
data.append('__RequestVerificationToken', antiforgerytoken);
|
||||
data.append('folder', folder);
|
||||
data.append('formfile', Chunk, FileName);
|
||||
var request = new XMLHttpRequest();
|
||||
|
|
Loading…
Reference in New Issue
Block a user