diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs index ff77815ce4..9b45738756 100644 --- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs +++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs @@ -11,7 +11,6 @@ using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http.Authentication; using Microsoft.AspNetCore.Http.Features; using Microsoft.AspNetCore.Http.Features.Authentication; -using Microsoft.Extensions.Primitives; using Microsoft.Net.Http.Headers; namespace Microsoft.AspNetCore.Authentication.Cookies @@ -314,8 +313,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies if (shouldRedirectToReturnUrl && Response.StatusCode == 200) { - CookieRedirectContext redirectContext = null; - // set redirect uri in order: // 1. properties.RedirectUri // 2. query parameter ReturnUrlParameter @@ -331,8 +328,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies if (redirectUri != null) { - redirectContext = new CookieRedirectContext(Context, Options, redirectUri, properties); - await Options.Events.RedirectToReturnUrl(redirectContext); + await Options.Events.RedirectToReturnUrl( + new CookieRedirectContext(Context, Options, redirectUri, properties)); } } } diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs index 4a4d19a021..942b1c4a5f 100644 --- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs +++ b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs @@ -1100,7 +1100,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies } [Fact] - public async Task AbsoluteRedirectUriIsRejected() + public async Task AbsoluteRedirectUriInQueryStringIsRejected() { var options = new CookieAuthenticationOptions {