Skip to content

Commit 6233d73

Browse files
committed
Bring CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter back
1 parent 8cea8af commit 6233d73

2 files changed

Lines changed: 37 additions & 36 deletions

File tree

Lines changed: 30 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -1,37 +1,34 @@
1-
//using System;
2-
//using Microsoft.AspNetCore.Antiforgery;
3-
//using Microsoft.AspNetCore.Authentication.JwtBearer;
4-
//using Microsoft.AspNetCore.Mvc.Filters;
5-
//using Microsoft.AspNetCore.Mvc.ViewFeatures.Internal;
6-
//using Microsoft.Extensions.Logging;
1+
using System.Threading.Tasks;
2+
using Microsoft.AspNetCore.Antiforgery;
3+
using Microsoft.AspNetCore.Http;
4+
using Microsoft.AspNetCore.Mvc.Filters;
75

8-
//namespace SimplCommerce.Infrastructure.Web
9-
//{
10-
// public class CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter : AutoValidateAntiforgeryTokenAuthorizationFilter
11-
// {
12-
// public CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter(IAntiforgery antiforgery, ILoggerFactory loggerFactory)
13-
// : base(antiforgery, loggerFactory)
14-
// {
15-
// }
6+
namespace SimplCommerce.Infrastructure.Web
7+
{
8+
public class CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter(IAntiforgery antiforgery) : IAsyncAuthorizationFilter
9+
{
10+
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
11+
{
12+
var httpContext = context.HttpContext;
13+
if (HttpMethods.IsGet(httpContext.Request.Method) ||
14+
HttpMethods.IsHead(httpContext.Request.Method) ||
15+
HttpMethods.IsOptions(httpContext.Request.Method) ||
16+
HttpMethods.IsTrace(httpContext.Request.Method))
17+
{
18+
return;
19+
}
1620

17-
// protected override bool ShouldValidate(AuthorizationFilterContext context)
18-
// {
19-
// if (context == null)
20-
// {
21-
// throw new ArgumentNullException(nameof(context));
22-
// }
21+
if (!httpContext.Request.Path.StartsWithSegments("/api"))
22+
{
23+
return;
24+
}
2325

24-
// if (!context.HttpContext.Request.Path.StartsWithSegments("/api"))
25-
// {
26-
// return false;
27-
// }
26+
if (httpContext.User.Identity?.AuthenticationType != "Identity.Application")
27+
{
28+
return;
29+
}
2830

29-
// if (context.HttpContext.User.Identity?.AuthenticationType != "Identity.Application")
30-
// {
31-
// return false;
32-
// }
33-
34-
// return base.ShouldValidate(context);
35-
// }
36-
// }
37-
//}
31+
await antiforgery.ValidateRequestAsync(httpContext);
32+
}
33+
}
34+
}

src/SimplCommerce.WebHost/Extensions/ServiceCollectionExtensions.cs

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@
2121
using Microsoft.Extensions.Localization;
2222
using SimplCommerce.Infrastructure;
2323
using SimplCommerce.Infrastructure.Modules;
24+
using SimplCommerce.Infrastructure.Web;
2425
using SimplCommerce.Infrastructure.Web.ModelBinders;
2526
using SimplCommerce.Module.Core.Data;
2627
using SimplCommerce.Module.Core.Extensions;
@@ -59,10 +60,13 @@ public static IServiceCollection AddModules(this IServiceCollection services)
5960
public static IServiceCollection AddCustomizedMvc(this IServiceCollection services, IList<ModuleInfo> modules)
6061
{
6162
var mvcBuilder = services
62-
.AddMvc(o =>
63+
.AddMvc(options =>
6364
{
64-
o.EnableEndpointRouting = false;
65-
o.ModelBinderProviders.Insert(0, new InvariantDecimalModelBinderProvider());
65+
options.EnableEndpointRouting = false;
66+
options.ModelBinderProviders.Insert(0, new InvariantDecimalModelBinderProvider());
67+
68+
options.Filters.Add<CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter>();
69+
6670
})
6771
.AddViewLocalization()
6872
.AddModelBindingMessagesLocalizer(services)

0 commit comments

Comments
 (0)