Skip to content

Commit 3472ba0

Browse files
cx-alex-shleymovichhishamco
authored andcommitted
Handle AntiforgeryValidationException to return 400 instead of 500
1 parent eae0e4c commit 3472ba0

1 file changed

Lines changed: 10 additions & 2 deletions

File tree

src/SimplCommerce.Infrastructure/Web/CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter.cs

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
1-
using System.Threading.Tasks;
1+
using System.Threading.Tasks;
22
using Microsoft.AspNetCore.Antiforgery;
33
using Microsoft.AspNetCore.Http;
4+
using Microsoft.AspNetCore.Mvc;
45
using Microsoft.AspNetCore.Mvc.Filters;
56

67
namespace SimplCommerce.Infrastructure.Web
@@ -28,7 +29,14 @@ public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
2829
return;
2930
}
3031

31-
await antiforgery.ValidateRequestAsync(httpContext);
32+
try
33+
{
34+
await antiforgery.ValidateRequestAsync(httpContext);
35+
}
36+
catch (AntiforgeryValidationException)
37+
{
38+
context.Result = new AntiforgeryValidationFailedResult();
39+
}
3240
}
3341
}
3442
}

0 commit comments

Comments
 (0)