diff --git a/src/Microsoft.AspNetCore.Antiforgery/IAntiforgery.cs b/src/Microsoft.AspNetCore.Antiforgery/IAntiforgery.cs
index d2eac4c95a..583a71ffea 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/IAntiforgery.cs
+++ b/src/Microsoft.AspNetCore.Antiforgery/IAntiforgery.cs
@@ -2,7 +2,6 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System.Threading.Tasks;
-using Microsoft.AspNetCore.Html;
using Microsoft.AspNetCore.Http;
namespace Microsoft.AspNetCore.Antiforgery
@@ -13,20 +12,6 @@ namespace Microsoft.AspNetCore.Antiforgery
///
public interface IAntiforgery
{
- ///
- /// Generates an <input type="hidden"> element for an antiforgery token.
- ///
- /// The associated with the current request.
- ///
- /// A containing an <input type="hidden"> element. This element should be put
- /// inside a <form>.
- ///
- ///
- /// This method has a side effect:
- /// A response cookie is set if there is no valid cookie associated with the request.
- ///
- IHtmlContent GetHtml(HttpContext httpContext);
-
///
/// Generates an for this request and stores the cookie token
/// in the response.
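Review bot: With `GetHtml` removed from the interface, nothing visible in this diff tells a caller that the form field name and the request token must be HTML-encoded before they are written into markup. The comment deleted along with `InputContent` in DefaultAntiforgery.cs recorded why: the token serializer may be overridden, and the field name may contain almost any character. That caveat is now lost, and callers of `GetAndStoreTokens` will be building the hidden input themselves. I would add it to the doc comment of `GetAndStoreTokens`, which continues past this hunk, e.g. `/// <remarks>Callers that render the returned token into HTML must encode both the form field name and the request token.</remarks>`.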
diff --git a/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgery.cs b/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgery.cs
index 1a581a5f54..76a5ff8f30 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgery.cs
+++ b/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgery.cs
@@ -3,10 +3,7 @@
using System;
using System.Diagnostics;
-using System.IO;
-using System.Text.Encodings.Web;
using System.Threading.Tasks;
-using Microsoft.AspNetCore.Html;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Options;
@@ -35,20 +32,6 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
_tokenStore = tokenStore;
}
- ///
- public IHtmlContent GetHtml(HttpContext httpContext)
- {
- if (httpContext == null)
- {
- throw new ArgumentNullException(nameof(httpContext));
- }
-
- CheckSSLConfig(httpContext);
-
- var tokenSet = GetAndStoreTokens(httpContext);
- return new InputContent(_options.FormFieldName, tokenSet.RequestToken);
- }
-
///
public AntiforgeryTokenSet GetAndStoreTokens(HttpContext httpContext)
{
@@ -307,42 +290,5 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
public bool IsNewCookieToken { get; set; }
}
-
- private class InputContent : IHtmlContent
- {
- private readonly string _fieldName;
- private readonly string _requestToken;
-
- public InputContent(string fieldName, string requestToken)
- {
- _fieldName = fieldName;
- _requestToken = requestToken;
- }
-
- // Though _requestToken normally contains only US-ASCII letters, numbers, '-', and '_', must assume the
- // IAntiforgeryTokenSerializer implementation has been overridden. Similarly, users may choose a
- // _fieldName containing almost any character.
- public void WriteTo(TextWriter writer, HtmlEncoder encoder)
- {
- var builder = writer as IHtmlContentBuilder;
- if (builder != null)
- {
- // If possible, defer encoding until we're writing to the response.
- // But there's little reason to keep this IHtmlContent instance around.
- builder
- .AppendHtml("");
- }
-
- writer.Write("");
- }
- }
}
}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Antiforgery/project.json b/src/Microsoft.AspNetCore.Antiforgery/project.json
index 1499e577c7..bcd5357d8d 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/project.json
+++ b/src/Microsoft.AspNetCore.Antiforgery/project.json
@@ -11,7 +11,6 @@
},
"dependencies": {
"Microsoft.AspNetCore.DataProtection": "1.0.0-*",
- "Microsoft.AspNetCore.Html.Abstractions": "1.0.0-*",
"Microsoft.AspNetCore.Http.Abstractions": "1.0.0-*",
"Microsoft.AspNetCore.WebUtilities": "1.0.0-*",
"Microsoft.Extensions.ObjectPool": "1.0.0-*"
diff --git a/test/Microsoft.AspNetCore.Antiforgery.Test/Internal/DefaultAntiforgeryTest.cs b/test/Microsoft.AspNetCore.Antiforgery.Test/Internal/DefaultAntiforgeryTest.cs
index 040cf866a4..e1f64fcab2 100644
--- a/test/Microsoft.AspNetCore.Antiforgery.Test/Internal/DefaultAntiforgeryTest.cs
+++ b/test/Microsoft.AspNetCore.Antiforgery.Test/Internal/DefaultAntiforgeryTest.cs
@@ -2,14 +2,12 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
-using System.IO;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Internal;
using Microsoft.AspNetCore.Testing;
using Microsoft.Extensions.Options;
-using Microsoft.Extensions.WebEncoders.Testing;
using Moq;
using Xunit;
@@ -81,26 +79,6 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
exception.Message);
}
- [Fact]
- public void ChecksSSL_GetHtml_Throws()
- {
- // Arrange
- var httpContext = new DefaultHttpContext();
- var options = new AntiforgeryOptions()
- {
- RequireSsl = true
- };
-
- var antiforgery = GetAntiforgery(options);
-
- // Act & Assert
- var exception = Assert.Throws(() => antiforgery.GetHtml(httpContext));
- Assert.Equal(
- @"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
- "but the current request is not an SSL request.",
- exception.Message);
- }
-
[Fact]
public void ChecksSSL_GetAndStoreTokens_Throws()
{
@@ -164,136 +142,6 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
exception.Message);
}
- [Fact]
- public void GetHtml_ExistingInvalidCookieToken_GeneratesANewCookieAndAnAntiforgeryToken()
- {
- // Arrange
- var options = new AntiforgeryOptions()
- {
- FormFieldName = "form-field-name"
- };
-
- // Make sure the existing cookie is invalid.
- var context = CreateMockContext(options, isOldCookieValid: false);
- var antiforgery = GetAntiforgery(context);
- var encoder = new HtmlTestEncoder();
-
- // Setup so that the null cookie token returned is treated as invalid.
- context.TokenGenerator
- .Setup(o => o.IsCookieTokenValid(null))
- .Returns(false);
-
- // Act
- var inputElement = antiforgery.GetHtml(context.HttpContext);
-
- // Assert
- using (var writer = new StringWriter())
- {
- inputElement.WriteTo(writer, encoder);
-
- Assert.Equal(
- @"",
- writer.ToString());
- }
-
- context.TokenStore.Verify();
- }
-
- [Fact]
- public void GetHtml_ExistingInvalidCookieToken_SwallowsExceptions()
- {
- // Arrange
- var options = new AntiforgeryOptions()
- {
- FormFieldName = "form-field-name"
- };
-
- // Make sure the existing cookie is invalid.
- var context = CreateMockContext(options, isOldCookieValid: false);
- var antiforgery = GetAntiforgery(context);
-
- // This will cause the cookieToken to be null.
- context.TokenStore
- .Setup(o => o.GetCookieToken(context.HttpContext))
- .Throws(new Exception("should be swallowed"));
-
- // Setup so that the null cookie token returned is treated as invalid.
- context.TokenGenerator
- .Setup(o => o.IsCookieTokenValid(null))
- .Returns(false);
-
- var encoder = new HtmlTestEncoder();
-
- // Act
- var inputElement = antiforgery.GetHtml(context.HttpContext);
-
- // Assert
- using (var writer = new StringWriter())
- {
- inputElement.WriteTo(writer, encoder);
-
- Assert.Equal(
- @"",
- writer.ToString());
- }
-
- context.TokenStore.Verify();
- }
-
- [Fact]
- public void GetHtml_ExistingValidCookieToken_GeneratesAnAntiforgeryToken()
- {
- // Arrange
- var options = new AntiforgeryOptions()
- {
- FormFieldName = "form-field-name"
- };
-
- // Make sure the existing cookie is valid and use the same cookie for the mock Token Provider.
- var context = CreateMockContext(options, useOldCookie: true, isOldCookieValid: true);
- var antiforgery = GetAntiforgery(context);
- var encoder = new HtmlTestEncoder();
-
- // Act
- var inputElement = antiforgery.GetHtml(context.HttpContext);
-
- // Assert
- using (var writer = new StringWriter())
- {
- inputElement.WriteTo(writer, encoder);
-
- Assert.Equal(
- @"",
- writer.ToString());
- }
- }
-
- [Theory]
- [InlineData(false, "SAMEORIGIN")]
- [InlineData(true, null)]
- public void GetHtml_AddsXFrameOptionsHeader(bool suppressXFrameOptions, string expectedHeaderValue)
- {
- // Arrange
- var options = new AntiforgeryOptions()
- {
- SuppressXFrameOptionsHeader = suppressXFrameOptions
- };
-
- // Generate a new cookie.
- var context = CreateMockContext(options, useOldCookie: false, isOldCookieValid: false);
- var antiforgery = GetAntiforgery(context);
-
- // Act
- antiforgery.GetHtml(context.HttpContext);
-
- // Assert
- string xFrameOptions = context.HttpContext.Response.Headers["X-Frame-Options"];
- Assert.Equal(expectedHeaderValue, xFrameOptions);
- }
-
[Fact]
public void GetTokens_ExistingInvalidCookieToken_GeneratesANewCookieTokenAndANewFormToken()
{
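Review bot: The deleted `GetHtml_AddsXFrameOptionsHeader` theory and `GetHtml_ExistingInvalidCookieToken_SwallowsExceptions` fact covered behaviour that still ships. Judging by the removed `GetHtml` body, which only delegated to `GetAndStoreTokens`, that behaviour lives in the surviving method. This diff does not show equivalent tests against `GetAndStoreTokens`. If they do not already exist elsewhere in the file, port these two rather than drop them, so the `X-Frame-Options` value of `SAMEORIGIN` (and its suppression option) and the invalid-cookie fallback stay pinned by a test. The `GetTokens_ExistingInvalidCookieToken_...` test that closes this hunk has its body outside it.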