Order IgnoreAntiforgeryTokenAttribute and add test
This commit is contained in:
parent
1b8d501a9e
commit
b2340d327e
|
|
@ -13,7 +13,22 @@ namespace Microsoft.AspNetCore.Mvc
|
||||||
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
|
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
|
||||||
public class IgnoreAntiforgeryTokenAttribute : Attribute, IAntiforgeryPolicy, IOrderedFilter
|
public class IgnoreAntiforgeryTokenAttribute : Attribute, IAntiforgeryPolicy, IOrderedFilter
|
||||||
{
|
{
|
||||||
/// <inheritdoc />
|
/// <summary>
|
||||||
public int Order { get; set; }
|
/// Gets the order value for determining the order of execution of filters. Filters execute in
|
||||||
|
/// ascending numeric value of the <see cref="Order"/> property.
|
||||||
|
/// </summary>
|
||||||
|
/// <remarks>
|
||||||
|
/// <para>
|
||||||
|
/// Filters are executed in an ordering determined by an ascending sort of the <see cref="Order"/> property.
|
||||||
|
/// </para>
|
||||||
|
/// <para>
|
||||||
|
/// The default Order for this attribute is 1000 because it must run after any filter which does authentication
|
||||||
|
/// or login in order to allow them to behave as expected (ie Unauthenticated or Redirect instead of 400).
|
||||||
|
/// </para>
|
||||||
|
/// <para>
|
||||||
|
/// Look at <see cref="IOrderedFilter.Order"/> for more detailed info.
|
||||||
|
/// </para>
|
||||||
|
/// </remarks>
|
||||||
|
public int Order { get; set; } = 1000;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -41,5 +41,15 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
|
||||||
Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
|
Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
|
||||||
Assert.Equal("/Home/Login", response.Headers.Location.AbsolutePath, StringComparer.OrdinalIgnoreCase);
|
Assert.Equal("/Home/Login", response.Headers.Location.AbsolutePath, StringComparer.OrdinalIgnoreCase);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public async Task IgnoreAntiforgeryOverridesAutoAntiforgery()
|
||||||
|
{
|
||||||
|
// Arrange & Act
|
||||||
|
var response = await Client.PostAsync("http://localhost/Antiforgery/Index", content: null);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,18 @@
|
||||||
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
|
using Microsoft.AspNetCore.Mvc;
|
||||||
|
|
||||||
|
namespace AjaxAntiForgeryValidation.Controllers
|
||||||
|
{
|
||||||
|
[AutoValidateAntiforgeryToken]
|
||||||
|
public class AntiforgeryController : Controller
|
||||||
|
{
|
||||||
|
[HttpPost]
|
||||||
|
[IgnoreAntiforgeryToken]
|
||||||
|
public IActionResult Index()
|
||||||
|
{
|
||||||
|
return Content("Ok");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue