diff --git a/src/Microsoft.AspNetCore.Antiforgery/AntiforgeryTokenSet.cs b/src/Microsoft.AspNetCore.Antiforgery/AntiforgeryTokenSet.cs
index 9446cba3c6..2b99141894 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/AntiforgeryTokenSet.cs
+++ b/src/Microsoft.AspNetCore.Antiforgery/AntiforgeryTokenSet.cs
@@ -15,28 +15,52 @@ namespace Microsoft.AspNetCore.Antiforgery
///
/// The token that is supplied in the request.
/// The token that is supplied in the request cookie.
- public AntiforgeryTokenSet(string requestToken, string cookieToken)
+ /// The name of the form field used for the request token.
+ /// The name of the header used for the request token.
+ public AntiforgeryTokenSet(
+ string requestToken,
+ string cookieToken,
+ string formFieldName,
+ string headerName)
{
if (string.IsNullOrEmpty(requestToken))
{
throw new ArgumentException(Resources.ArgumentCannotBeNullOrEmpty, nameof(requestToken));
}
+ if (formFieldName == null)
+ {
+ throw new ArgumentNullException(nameof(formFieldName));
+ }
+
RequestToken = requestToken;
// Cookie Token is allowed to be null in the case when the old cookie is valid
// and there is no new cookieToken generated.
CookieToken = cookieToken;
+
+ FormFieldName = formFieldName;
+ HeaderName = headerName;
}
///
- /// The token that is supplied in the request.
+ /// Gets the request token.
///
- public string RequestToken { get; private set; }
+ public string RequestToken { get; }
- /// The cookie token is allowed to be null.
- /// This would be the case when the old cookie token is still valid.
- /// In such cases a call to GetTokens would return a token set with null cookie token.
- public string CookieToken { get; private set; }
+ ///
+ /// Gets the name of the form field used for the request token.
+ ///
+ public string FormFieldName { get; }
+
+ ///
+ /// Gets the name of the header used for the request token.
+ ///
+ public string HeaderName { get; }
+
+ ///
+ /// Gets the cookie token.
+ ///
+ public string CookieToken { get; }
}
}
\ No newline at end of file
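Review bot: The constructor guards `formFieldName` against null only, while `headerName` is stored unchecked and neither doc line says whether null is permitted. If a null header name is meant to indicate that no header transport is configured (not visible in this hunk), state that on the parameter and on the `HeaderName` property, e.g. `/// Gets the name of the header used for the request token; may be null when no header is configured.` An empty `formFieldName` also passes the guard, unlike `requestToken`, which is checked with `string.IsNullOrEmpty`. A token set with an empty field name cannot be posted back under a usable name, so consider `if (string.IsNullOrEmpty(formFieldName))` unless an empty name is intentionally valid. The rewritten `CookieToken` summary also drops the earlier remark that the value may be null, leaving the comment inside the constructor as the only statement of that contract.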
diff --git a/src/Microsoft.AspNetCore.Antiforgery/DefaultAntiforgery.cs b/src/Microsoft.AspNetCore.Antiforgery/DefaultAntiforgery.cs
index 2f602fb077..e0cbe2ada6 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/DefaultAntiforgery.cs
+++ b/src/Microsoft.AspNetCore.Antiforgery/DefaultAntiforgery.cs
@@ -263,7 +263,9 @@ namespace Microsoft.AspNetCore.Antiforgery
{
return new AntiforgeryTokenSet(
tokenSet.RequestToken != null ? _tokenSerializer.Serialize(tokenSet.RequestToken) : null,
- tokenSet.CookieToken != null ? _tokenSerializer.Serialize(tokenSet.CookieToken) : null);
+ tokenSet.CookieToken != null ? _tokenSerializer.Serialize(tokenSet.CookieToken) : null,
+ _options.FormFieldName,
+ _options.HeaderName);
}
private class AntiforgeryTokenSetInternal
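Review bot: The `: null` branch on the first argument (`tokenSet.RequestToken != null ? ... : null`) cannot succeed, because the `AntiforgeryTokenSet` constructor shown in this commit throws `ArgumentException` when `requestToken` is null or empty. Either drop the conditional on that argument or add a comment saying that a null request token is expected to throw here. This call and the one in `DefaultAntiforgeryTokenStore.cs` also pass `_options.FormFieldName` straight into a constructor that throws `ArgumentNullException(nameof(formFieldName))`. If the options type does not already reject a null form field name (not visible here), the failure would surface per request with a parameter name that does not point at the misconfigured option. The enclosing method begins above the hunk.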
diff --git a/src/Microsoft.AspNetCore.Antiforgery/DefaultAntiforgeryTokenStore.cs b/src/Microsoft.AspNetCore.Antiforgery/DefaultAntiforgeryTokenStore.cs
index 5d9328f031..72b6eee169 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/DefaultAntiforgeryTokenStore.cs
+++ b/src/Microsoft.AspNetCore.Antiforgery/DefaultAntiforgeryTokenStore.cs
@@ -108,7 +108,7 @@ namespace Microsoft.AspNetCore.Antiforgery
}
}
- return new AntiforgeryTokenSet(requestToken, requestCookie);
+ return new AntiforgeryTokenSet(requestToken, requestCookie, _options.FormFieldName, _options.HeaderName);
}
public void SaveCookieToken(HttpContext httpContext, AntiforgeryToken token)
diff --git a/test/Microsoft.AspNetCore.Antiforgery.Test/DefaultAntiforgeryTest.cs b/test/Microsoft.AspNetCore.Antiforgery.Test/DefaultAntiforgeryTest.cs
index cba6a7dce4..dedcac76ee 100644
--- a/test/Microsoft.AspNetCore.Antiforgery.Test/DefaultAntiforgeryTest.cs
+++ b/test/Microsoft.AspNetCore.Antiforgery.Test/DefaultAntiforgeryTest.cs
@@ -5,7 +5,6 @@ using System;
using System.IO;
using System.Security.Claims;
using System.Threading.Tasks;
-using Microsoft.AspNetCore.Html;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Internal;
using Microsoft.AspNetCore.Testing;
@@ -75,9 +74,11 @@ namespace Microsoft.AspNetCore.Antiforgery
var antiforgery = GetAntiforgery(options);
+ var tokenSet = new AntiforgeryTokenSet("hello", "world", "form", "header");
+
// Act & Assert
var exception = Assert.Throws(
- () => antiforgery.ValidateTokens(httpContext, new AntiforgeryTokenSet("hello", "world")));
+ () => antiforgery.ValidateTokens(httpContext, tokenSet));
Assert.Equal(
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
"but the current request is not an SSL request.",
@@ -431,11 +432,13 @@ namespace Microsoft.AspNetCore.Antiforgery
context.TokenSerializer.Object,
tokenStore: null);
+ var tokenSet = new AntiforgeryTokenSet("form-token", "cookie-token", "form", "header");
+
// Act & Assert
var exception = Assert.Throws(
() => antiforgery.ValidateTokens(
context.HttpContext,
- new AntiforgeryTokenSet("form-token", "cookie-token")));
+ tokenSet));
Assert.Equal("my-message", exception.Message);
}
@@ -464,8 +467,10 @@ namespace Microsoft.AspNetCore.Antiforgery
context.TokenStore = null;
var antiforgery = GetAntiforgery(context);
+ var tokenSet = new AntiforgeryTokenSet("form-token", "cookie-token", "form", "header");
+
// Act
- antiforgery.ValidateTokens(context.HttpContext, new AntiforgeryTokenSet("form-token", "cookie-token"));
+ antiforgery.ValidateTokens(context.HttpContext, tokenSet);
// Assert
context.TokenGenerator.Verify();
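Review bot: The updated tests in this file pass the placeholder names `"form"` and `"header"` only to satisfy the new constructor signature; none of the visible hunks asserts on `FormFieldName` or `HeaderName`. Since those values tell callers where to place the request token, a test that configures `AntiforgeryOptions` with distinct names and checks that the returned token set carries them would pin the behaviour this commit adds. A case for the new guard would also help, e.g. `Assert.Throws<ArgumentNullException>(() => new AntiforgeryTokenSet("token", "cookie", null, "header"));`. Such tests may exist in files outside this diff view.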
@@ -478,8 +483,7 @@ namespace Microsoft.AspNetCore.Antiforgery
var context = CreateMockContext(new AntiforgeryOptions());
var antiforgery = GetAntiforgery(context);
- var tokenSet = new AntiforgeryTokenSet("hi", cookieToken: null);
-
+ var tokenSet = new AntiforgeryTokenSet("form-token", null, "form", "header");
// Act
ExceptionAssert.ThrowsArgument(
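Review bot: The replacement line passes a bare positional `null` where the removed line used the named argument `cookieToken: null`, so with four string parameters it is no longer clear which one is being nulled. Keeping the name preserves the intent of the test: `var tokenSet = new AntiforgeryTokenSet("form-token", cookieToken: null, formFieldName: "form", headerName: "header");`. The blank line before `// Act` was also removed here, which breaks the Arrange/Act spacing used by the other tests in this file.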
@@ -661,7 +665,9 @@ namespace Microsoft.AspNetCore.Antiforgery
mockTokenStore.Setup(o => o.GetRequestTokensAsync(context))
.Returns(() => Task.FromResult(new AntiforgeryTokenSet(
testTokenSet.FormTokenString,
- testTokenSet.OldCookieTokenString)));
+ testTokenSet.OldCookieTokenString,
+ "form",
+ "header")));
if (saveNewCookie)
{