Replace the ConfigureCookieOptions action property with the CookieBuilder

This commit is contained in:
Nate McMaster 2017-06-29 15:49:13 -07:00
parent cfe0e3012e
commit df41fd8ccc
9 changed files with 220 additions and 219 deletions

View File

@ -14,81 +14,45 @@ namespace Microsoft.AspNetCore.Antiforgery
private const string AntiforgeryTokenFieldName = "__RequestVerificationToken"; private const string AntiforgeryTokenFieldName = "__RequestVerificationToken";
private const string AntiforgeryTokenHeaderName = "RequestVerificationToken"; private const string AntiforgeryTokenHeaderName = "RequestVerificationToken";
private string _cookieName;
private string _formFieldName = AntiforgeryTokenFieldName; private string _formFieldName = AntiforgeryTokenFieldName;
private CookieBuilder _cookieBuilder = new CookieBuilder
{
SameSite = SameSiteMode.Strict,
HttpOnly = true
};
/// <summary> /// <summary>
/// The default cookie prefix, which is ".AspNetCore.Antiforgery.". /// The default cookie prefix, which is ".AspNetCore.Antiforgery.".
/// </summary> /// </summary>
public static readonly string DefaultCookiePrefix = ".AspNetCore.Antiforgery."; public static readonly string DefaultCookiePrefix = ".AspNetCore.Antiforgery.";
/// <summary> /// <summary>
/// Specifies the name of the cookie that is used by the antiforgery system. /// Determines the settings used to create the antiforgery cookies.
/// </summary> /// </summary>
/// <remarks> /// <remarks>
/// If an explicit name is not provided, the system will automatically generate a /// <para>
/// If an explicit <see cref="CookieBuilder.Name"/> is not provided, the system will automatically generate a
/// unique name that begins with <see cref="DefaultCookiePrefix"/>. /// unique name that begins with <see cref="DefaultCookiePrefix"/>.
/// </para>
/// <para>
/// <see cref="CookieBuilder.SameSite"/> defaults to <see cref="SameSiteMode.Strict"/>.
/// <see cref="CookieBuilder.HttpOnly"/> defaults to <c>true</c>.
/// </para>
/// </remarks> /// </remarks>
public string CookieName public CookieBuilder Cookie
{ {
get get => _cookieBuilder;
{ set => _cookieBuilder = value ?? throw new ArgumentNullException(nameof(value));
return _cookieName;
}
set
{
if (value == null)
{
throw new ArgumentNullException(nameof(value));
}
_cookieName = value;
}
} }
/// <summary>
/// This is obsolete and will be removed in a future version.
/// The recommended alternative is to use ConfigureCookieOptions.
/// The path set on the cookie. If set to <c>null</c>, the "path" attribute on the cookie is set to the current
/// request's <see cref="HttpRequest.PathBase"/> value. If the value of <see cref="HttpRequest.PathBase"/> is
/// <c>null</c> or empty, then the "path" attribute is set to the value of <see cref="CookieOptions.Path"/>.
/// </summary>
[Obsolete("This is obsolete and will be removed in a future version. The recommended alternative is to use ConfigureCookieOptions.")]
public PathString? CookiePath { get; set; }
/// <summary>
/// This is obsolete and will be removed in a future version.
/// The recommended alternative is to use ConfigureCookieOptions.
/// The domain set on the cookie. By default its <c>null</c> which results in the "domain" attribute not being set.
/// </summary>
[Obsolete("This is obsolete and will be removed in a future version. The recommended alternative is to use ConfigureCookieOptions.")]
public string CookieDomain { get; set; }
/// <summary>
/// Configures the <see cref="CookieOptions"/> of the antiforgery cookies. Without additional configuration, the
/// default values antiforgery cookie options are true for <see cref="CookieOptions.HttpOnly"/>, null for
/// <see cref="CookieOptions.Domain"/> and <see cref="SameSiteMode.Strict"/> for <see cref="CookieOptions.SameSite"/>.
/// </summary>
public Action<HttpContext, CookieOptions> ConfigureCookieOptions { get; set; }
/// <summary> /// <summary>
/// Specifies the name of the antiforgery token field that is used by the antiforgery system. /// Specifies the name of the antiforgery token field that is used by the antiforgery system.
/// </summary> /// </summary>
public string FormFieldName public string FormFieldName
{ {
get get => _formFieldName;
{ set => _formFieldName = value ?? throw new ArgumentNullException(nameof(value));
return _formFieldName;
}
set
{
if (value == null)
{
throw new ArgumentNullException(nameof(value));
}
_formFieldName = value;
}
} }
/// <summary> /// <summary>
@ -97,13 +61,6 @@ namespace Microsoft.AspNetCore.Antiforgery
/// </summary> /// </summary>
public string HeaderName { get; set; } = AntiforgeryTokenHeaderName; public string HeaderName { get; set; } = AntiforgeryTokenHeaderName;
/// <summary>
/// Specifies whether SSL is required for the antiforgery system
/// to operate. If this setting is 'true' and a non-SSL request
/// comes into the system, all antiforgery APIs will fail.
/// </summary>
public bool RequireSsl { get; set; }
/// <summary> /// <summary>
/// Specifies whether to suppress the generation of X-Frame-Options header /// Specifies whether to suppress the generation of X-Frame-Options header
/// which is used to prevent ClickJacking. By default, the X-Frame-Options /// which is used to prevent ClickJacking. By default, the X-Frame-Options
@ -111,5 +68,69 @@ namespace Microsoft.AspNetCore.Antiforgery
/// the X-Frame-Options header will not be generated for the response. /// the X-Frame-Options header will not be generated for the response.
/// </summary> /// </summary>
public bool SuppressXFrameOptionsHeader { get; set; } public bool SuppressXFrameOptionsHeader { get; set; }
#region Obsolete API
/// <summary>
/// <para>
/// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Name"/> on <see cref="Cookie"/>.
/// </para>
/// <para>
/// Specifies the name of the cookie that is used by the antiforgery system.
/// </para>
/// </summary>
/// <remarks>
/// If an explicit name is not provided, the system will automatically generate a
/// unique name that begins with <see cref="DefaultCookiePrefix"/>.
/// </remarks>
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Name) + ".")]
public string CookieName { get => Cookie.Name; set => Cookie.Name = value; }
/// <summary>
/// <para>
/// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Path"/> on <see cref="Cookie"/>.
/// </para>
/// <para>
/// The path set on the cookie. If set to <c>null</c>, the "path" attribute on the cookie is set to the current
/// request's <see cref="HttpRequest.PathBase"/> value. If the value of <see cref="HttpRequest.PathBase"/> is
/// <c>null</c> or empty, then the "path" attribute is set to the value of <see cref="CookieOptions.Path"/>.
/// </para>
/// </summary>
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Path) + ".")]
public PathString? CookiePath { get => Cookie.Path; set => Cookie.Path = value; }
/// <summary>
/// <para>
/// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Domain"/> on <see cref="Cookie"/>.
/// </para>
/// <para>
/// The domain set on the cookie. By default its <c>null</c> which results in the "domain" attribute not being set.
/// </para>
/// </summary>
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Domain) + ".")]
public string CookieDomain { get => Cookie.Domain; set => Cookie.Domain = value; }
/// <summary>
/// <para>
/// This property is obsolete and will be removed in a future version.
/// The recommended alternative is to set <seealso cref="CookieBuilder.SecurePolicy"/> on <see cref="Cookie"/>.
/// </para>
/// <para>
/// <c>true</c> is equivalent to <see cref="CookieSecurePolicy.Always"/>.
/// <c>false</c> is equivalent to <see cref="CookieSecurePolicy.None"/>.
/// </para>
/// <para>
/// Specifies whether SSL is required for the antiforgery system
/// to operate. If this setting is 'true' and a non-SSL request
/// comes into the system, all antiforgery APIs will fail.
/// </para>
/// </summary>
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is to set " + nameof(Cookie) + "." + nameof(CookieBuilder.SecurePolicy) + ".")]
public bool RequireSsl
{
get => Cookie.SecurePolicy == CookieSecurePolicy.Always;
set => Cookie.SecurePolicy = value ? CookieSecurePolicy.Always : CookieSecurePolicy.None;
}
#endregion
} }
} }

View File

@ -18,10 +18,10 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
public static void ConfigureOptions(AntiforgeryOptions options, DataProtectionOptions dataProtectionOptions) public static void ConfigureOptions(AntiforgeryOptions options, DataProtectionOptions dataProtectionOptions)
{ {
if (options.CookieName == null) if (options.Cookie.Name == null)
{ {
var applicationId = dataProtectionOptions.ApplicationDiscriminator ?? string.Empty; var applicationId = dataProtectionOptions.ApplicationDiscriminator ?? string.Empty;
options.CookieName = AntiforgeryOptions.DefaultCookiePrefix + ComputeCookieName(applicationId); options.Cookie.Name = AntiforgeryOptions.DefaultCookiePrefix + ComputeCookieName(applicationId);
} }
} }

View File

@ -111,7 +111,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var tokens = await _tokenStore.GetRequestTokensAsync(httpContext); var tokens = await _tokenStore.GetRequestTokensAsync(httpContext);
if (tokens.CookieToken == null) if (tokens.CookieToken == null)
{ {
_logger.MissingCookieToken(_options.CookieName); _logger.MissingCookieToken(_options.Cookie.Name);
return false; return false;
} }
@ -160,7 +160,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
if (tokens.CookieToken == null) if (tokens.CookieToken == null)
{ {
throw new AntiforgeryValidationException( throw new AntiforgeryValidationException(
Resources.FormatAntiforgery_CookieToken_MustBeProvided(_options.CookieName)); Resources.FormatAntiforgery_CookieToken_MustBeProvided(_options.Cookie.Name));
} }
if (tokens.RequestToken == null) if (tokens.RequestToken == null)
@ -265,12 +265,11 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
private void CheckSSLConfig(HttpContext context) private void CheckSSLConfig(HttpContext context)
{ {
if (_options.RequireSsl && !context.Request.IsHttps) if (_options.Cookie.SecurePolicy == CookieSecurePolicy.Always && !context.Request.IsHttps)
{ {
throw new InvalidOperationException(Resources.FormatAntiforgeryWorker_RequireSSL( throw new InvalidOperationException(Resources.FormatAntiforgery_RequiresSSL(
nameof(AntiforgeryOptions), string.Join(".", nameof(AntiforgeryOptions), nameof(AntiforgeryOptions.Cookie), nameof(CookieBuilder.SecurePolicy)),
nameof(AntiforgeryOptions.RequireSsl), nameof(CookieSecurePolicy.Always)));
"true"));
} }
} }

View File

@ -28,7 +28,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
{ {
Debug.Assert(httpContext != null); Debug.Assert(httpContext != null);
var requestCookie = httpContext.Request.Cookies[_options.CookieName]; var requestCookie = httpContext.Request.Cookies[_options.Cookie.Name];
if (string.IsNullOrEmpty(requestCookie)) if (string.IsNullOrEmpty(requestCookie))
{ {
// unable to find the cookie. // unable to find the cookie.
@ -42,7 +42,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
{ {
Debug.Assert(httpContext != null); Debug.Assert(httpContext != null);
var cookieToken = httpContext.Request.Cookies[_options.CookieName]; var cookieToken = httpContext.Request.Cookies[_options.Cookie.Name];
// We want to delay reading the form as much as possible, for example in case of large file uploads, // We want to delay reading the form as much as possible, for example in case of large file uploads,
// request token could be part of the header. // request token could be part of the header.
@ -69,22 +69,12 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
Debug.Assert(httpContext != null); Debug.Assert(httpContext != null);
Debug.Assert(token != null); Debug.Assert(token != null);
var options = new CookieOptions var options = _options.Cookie.Build(httpContext);
{
HttpOnly = true,
#pragma warning disable 618
Domain = _options.CookieDomain,
#pragma warning restore 618
SameSite = SameSiteMode.Strict,
Secure = _options.RequireSsl
};
#pragma warning disable 618 if (_options.Cookie.Path != null)
if (_options.CookiePath != null)
{ {
options.Path = _options.CookiePath.ToString(); options.Path = _options.Cookie.Path.ToString();
} }
#pragma warning restore 618
else else
{ {
var pathBase = httpContext.Request.PathBase.ToString(); var pathBase = httpContext.Request.PathBase.ToString();
@ -94,9 +84,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
} }
} }
_options.ConfigureCookieOptions?.Invoke(httpContext, options); httpContext.Response.Cookies.Append(_options.Cookie.Name, token, options);
httpContext.Response.Cookies.Append(_options.CookieName, token, options);
} }
} }
} }

View File

@ -15,248 +15,224 @@ namespace Microsoft.AspNetCore.Antiforgery
/// </summary> /// </summary>
internal static string AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername internal static string AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername
{ {
get { return GetString("AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername"); } get => GetString("AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername");
} }
/// <summary> /// <summary>
/// The provided identity of type '{0}' is marked {1} = {2} but does not have a value for {3}. By default, the antiforgery system requires that all authenticated identities have a unique {3}. If it is not possible to provide a unique {3} for this identity, consider extending {4} by overriding the {5} or a custom type that can provide some form of unique identifier for the current user. /// The provided identity of type '{0}' is marked {1} = {2} but does not have a value for {3}. By default, the antiforgery system requires that all authenticated identities have a unique {3}. If it is not possible to provide a unique {3} for this identity, consider extending {4} by overriding the {5} or a custom type that can provide some form of unique identifier for the current user.
/// </summary> /// </summary>
internal static string FormatAntiforgeryTokenValidator_AuthenticatedUserWithoutUsername(object p0, object p1, object p2, object p3, object p4, object p5) internal static string FormatAntiforgeryTokenValidator_AuthenticatedUserWithoutUsername(object p0, object p1, object p2, object p3, object p4, object p5)
{ => string.Format(CultureInfo.CurrentCulture, GetString("AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername"), p0, p1, p2, p3, p4, p5);
return string.Format(CultureInfo.CurrentCulture, GetString("AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername"), p0, p1, p2, p3, p4, p5);
}
/// <summary> /// <summary>
/// The provided antiforgery token failed a custom data check. /// The provided antiforgery token failed a custom data check.
/// </summary> /// </summary>
internal static string AntiforgeryToken_AdditionalDataCheckFailed internal static string AntiforgeryToken_AdditionalDataCheckFailed
{ {
get { return GetString("AntiforgeryToken_AdditionalDataCheckFailed"); } get => GetString("AntiforgeryToken_AdditionalDataCheckFailed");
} }
/// <summary> /// <summary>
/// The provided antiforgery token failed a custom data check. /// The provided antiforgery token failed a custom data check.
/// </summary> /// </summary>
internal static string FormatAntiforgeryToken_AdditionalDataCheckFailed() internal static string FormatAntiforgeryToken_AdditionalDataCheckFailed()
{ => GetString("AntiforgeryToken_AdditionalDataCheckFailed");
return GetString("AntiforgeryToken_AdditionalDataCheckFailed");
}
/// <summary> /// <summary>
/// The provided antiforgery token was meant for a different claims-based user than the current user. /// The provided antiforgery token was meant for a different claims-based user than the current user.
/// </summary> /// </summary>
internal static string AntiforgeryToken_ClaimUidMismatch internal static string AntiforgeryToken_ClaimUidMismatch
{ {
get { return GetString("AntiforgeryToken_ClaimUidMismatch"); } get => GetString("AntiforgeryToken_ClaimUidMismatch");
} }
/// <summary> /// <summary>
/// The provided antiforgery token was meant for a different claims-based user than the current user. /// The provided antiforgery token was meant for a different claims-based user than the current user.
/// </summary> /// </summary>
internal static string FormatAntiforgeryToken_ClaimUidMismatch() internal static string FormatAntiforgeryToken_ClaimUidMismatch()
{ => GetString("AntiforgeryToken_ClaimUidMismatch");
return GetString("AntiforgeryToken_ClaimUidMismatch");
}
/// <summary> /// <summary>
/// The antiforgery token could not be decrypted. /// The antiforgery token could not be decrypted.
/// </summary> /// </summary>
internal static string AntiforgeryToken_DeserializationFailed internal static string AntiforgeryToken_DeserializationFailed
{ {
get { return GetString("AntiforgeryToken_DeserializationFailed"); } get => GetString("AntiforgeryToken_DeserializationFailed");
} }
/// <summary> /// <summary>
/// The antiforgery token could not be decrypted. /// The antiforgery token could not be decrypted.
/// </summary> /// </summary>
internal static string FormatAntiforgeryToken_DeserializationFailed() internal static string FormatAntiforgeryToken_DeserializationFailed()
{ => GetString("AntiforgeryToken_DeserializationFailed");
return GetString("AntiforgeryToken_DeserializationFailed");
}
/// <summary> /// <summary>
/// The antiforgery cookie token and request token do not match. /// The antiforgery cookie token and request token do not match.
/// </summary> /// </summary>
internal static string AntiforgeryToken_SecurityTokenMismatch internal static string AntiforgeryToken_SecurityTokenMismatch
{ {
get { return GetString("AntiforgeryToken_SecurityTokenMismatch"); } get => GetString("AntiforgeryToken_SecurityTokenMismatch");
} }
/// <summary> /// <summary>
/// The antiforgery cookie token and request token do not match. /// The antiforgery cookie token and request token do not match.
/// </summary> /// </summary>
internal static string FormatAntiforgeryToken_SecurityTokenMismatch() internal static string FormatAntiforgeryToken_SecurityTokenMismatch()
{ => GetString("AntiforgeryToken_SecurityTokenMismatch");
return GetString("AntiforgeryToken_SecurityTokenMismatch");
}
/// <summary> /// <summary>
/// Validation of the provided antiforgery token failed. The cookie token and the request token were swapped. /// Validation of the provided antiforgery token failed. The cookie token and the request token were swapped.
/// </summary> /// </summary>
internal static string AntiforgeryToken_TokensSwapped internal static string AntiforgeryToken_TokensSwapped
{ {
get { return GetString("AntiforgeryToken_TokensSwapped"); } get => GetString("AntiforgeryToken_TokensSwapped");
} }
/// <summary> /// <summary>
/// Validation of the provided antiforgery token failed. The cookie token and the request token were swapped. /// Validation of the provided antiforgery token failed. The cookie token and the request token were swapped.
/// </summary> /// </summary>
internal static string FormatAntiforgeryToken_TokensSwapped() internal static string FormatAntiforgeryToken_TokensSwapped()
{ => GetString("AntiforgeryToken_TokensSwapped");
return GetString("AntiforgeryToken_TokensSwapped");
}
/// <summary> /// <summary>
/// The provided antiforgery token was meant for user "{0}", but the current user is "{1}". /// The provided antiforgery token was meant for user "{0}", but the current user is "{1}".
/// </summary> /// </summary>
internal static string AntiforgeryToken_UsernameMismatch internal static string AntiforgeryToken_UsernameMismatch
{ {
get { return GetString("AntiforgeryToken_UsernameMismatch"); } get => GetString("AntiforgeryToken_UsernameMismatch");
} }
/// <summary> /// <summary>
/// The provided antiforgery token was meant for user "{0}", but the current user is "{1}". /// The provided antiforgery token was meant for user "{0}", but the current user is "{1}".
/// </summary> /// </summary>
internal static string FormatAntiforgeryToken_UsernameMismatch(object p0, object p1) internal static string FormatAntiforgeryToken_UsernameMismatch(object p0, object p1)
{ => string.Format(CultureInfo.CurrentCulture, GetString("AntiforgeryToken_UsernameMismatch"), p0, p1);
return string.Format(CultureInfo.CurrentCulture, GetString("AntiforgeryToken_UsernameMismatch"), p0, p1);
}
/// <summary> /// <summary>
/// The antiforgery system has the configuration value {0}.{1} = {2}, but the current request is not an SSL request. /// The antiforgery cookie token is invalid.
/// </summary>
internal static string AntiforgeryWorker_RequireSSL
{
get { return GetString("AntiforgeryWorker_RequireSSL"); }
}
/// <summary>
/// The antiforgery system has the configuration value {0}.{1} = {2}, but the current request is not an SSL request.
/// </summary>
internal static string FormatAntiforgeryWorker_RequireSSL(object p0, object p1, object p2)
{
return string.Format(CultureInfo.CurrentCulture, GetString("AntiforgeryWorker_RequireSSL"), p0, p1, p2);
}
/// <summary>
/// The required antiforgery cookie "{0}" is not present.
/// </summary> /// </summary>
internal static string Antiforgery_CookieToken_IsInvalid internal static string Antiforgery_CookieToken_IsInvalid
{ {
get { return GetString("Antiforgery_CookieToken_IsInvalid"); } get => GetString("Antiforgery_CookieToken_IsInvalid");
} }
/// <summary>
/// The antiforgery cookie token is invalid.
/// </summary>
internal static string FormatAntiforgery_CookieToken_IsInvalid()
=> GetString("Antiforgery_CookieToken_IsInvalid");
/// <summary> /// <summary>
/// The required antiforgery cookie "{0}" is not present. /// The required antiforgery cookie "{0}" is not present.
/// </summary> /// </summary>
internal static string Antiforgery_CookieToken_MustBeProvided internal static string Antiforgery_CookieToken_MustBeProvided
{ {
get { return GetString("Antiforgery_CookieToken_MustBeProvided"); } get => GetString("Antiforgery_CookieToken_MustBeProvided");
} }
/// <summary> /// <summary>
/// The required antiforgery cookie "{0}" is not present. /// The required antiforgery cookie "{0}" is not present.
/// </summary> /// </summary>
internal static string FormatAntiforgery_CookieToken_MustBeProvided(object p0) internal static string FormatAntiforgery_CookieToken_MustBeProvided(object p0)
{ => string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_CookieToken_MustBeProvided"), p0);
return string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_CookieToken_MustBeProvided"), p0);
}
/// <summary> /// <summary>
/// The required antiforgery cookie token must be provided. /// The required antiforgery cookie token must be provided.
/// </summary> /// </summary>
internal static string Antiforgery_CookieToken_MustBeProvided_Generic internal static string Antiforgery_CookieToken_MustBeProvided_Generic
{ {
get { return GetString("Antiforgery_CookieToken_MustBeProvided_Generic"); } get => GetString("Antiforgery_CookieToken_MustBeProvided_Generic");
} }
/// <summary> /// <summary>
/// The required antiforgery cookie token must be provided. /// The required antiforgery cookie token must be provided.
/// </summary> /// </summary>
internal static string FormatAntiforgery_CookieToken_MustBeProvided_Generic() internal static string FormatAntiforgery_CookieToken_MustBeProvided_Generic()
{ => GetString("Antiforgery_CookieToken_MustBeProvided_Generic");
return GetString("Antiforgery_CookieToken_MustBeProvided_Generic");
}
/// <summary> /// <summary>
/// The required antiforgery form field "{0}" is not present. /// The required antiforgery form field "{0}" is not present.
/// </summary> /// </summary>
internal static string Antiforgery_FormToken_MustBeProvided internal static string Antiforgery_FormToken_MustBeProvided
{ {
get { return GetString("Antiforgery_FormToken_MustBeProvided"); } get => GetString("Antiforgery_FormToken_MustBeProvided");
} }
/// <summary> /// <summary>
/// The required antiforgery form field "{0}" is not present. /// The required antiforgery form field "{0}" is not present.
/// </summary> /// </summary>
internal static string FormatAntiforgery_FormToken_MustBeProvided(object p0) internal static string FormatAntiforgery_FormToken_MustBeProvided(object p0)
{ => string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_FormToken_MustBeProvided"), p0);
return string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_FormToken_MustBeProvided"), p0);
}
/// <summary> /// <summary>
/// The required antiforgery header value "{0}" is not present. /// The required antiforgery header value "{0}" is not present.
/// </summary> /// </summary>
internal static string Antiforgery_HeaderToken_MustBeProvided internal static string Antiforgery_HeaderToken_MustBeProvided
{ {
get { return GetString("Antiforgery_HeaderToken_MustBeProvided"); } get => GetString("Antiforgery_HeaderToken_MustBeProvided");
} }
/// <summary> /// <summary>
/// The required antiforgery header value "{0}" is not present. /// The required antiforgery header value "{0}" is not present.
/// </summary> /// </summary>
internal static string FormatAntiforgery_HeaderToken_MustBeProvided(object p0) internal static string FormatAntiforgery_HeaderToken_MustBeProvided(object p0)
{ => string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_HeaderToken_MustBeProvided"), p0);
return string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_HeaderToken_MustBeProvided"), p0);
}
/// <summary> /// <summary>
/// The required antiforgery request token was not provided in either form field "{0}" or header value "{1}". /// The required antiforgery request token was not provided in either form field "{0}" or header value "{1}".
/// </summary> /// </summary>
internal static string Antiforgery_RequestToken_MustBeProvided internal static string Antiforgery_RequestToken_MustBeProvided
{ {
get { return GetString("Antiforgery_RequestToken_MustBeProvided"); } get => GetString("Antiforgery_RequestToken_MustBeProvided");
} }
/// <summary> /// <summary>
/// The required antiforgery request token was not provided in either form field "{0}" or header value "{1}". /// The required antiforgery request token was not provided in either form field "{0}" or header value "{1}".
/// </summary> /// </summary>
internal static string FormatAntiforgery_RequestToken_MustBeProvided(object p0, object p1) internal static string FormatAntiforgery_RequestToken_MustBeProvided(object p0, object p1)
{ => string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_RequestToken_MustBeProvided"), p0, p1);
return string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_RequestToken_MustBeProvided"), p0, p1);
}
/// <summary> /// <summary>
/// The required antiforgery request token must be provided. /// The required antiforgery request token must be provided.
/// </summary> /// </summary>
internal static string Antiforgery_RequestToken_MustBeProvided_Generic internal static string Antiforgery_RequestToken_MustBeProvided_Generic
{ {
get { return GetString("Antiforgery_RequestToken_MustBeProvided_Generic"); } get => GetString("Antiforgery_RequestToken_MustBeProvided_Generic");
} }
/// <summary> /// <summary>
/// The required antiforgery request token must be provided. /// The required antiforgery request token must be provided.
/// </summary> /// </summary>
internal static string FormatAntiforgery_RequestToken_MustBeProvided_Generic() internal static string FormatAntiforgery_RequestToken_MustBeProvided_Generic()
=> GetString("Antiforgery_RequestToken_MustBeProvided_Generic");
/// <summary>
/// The antiforgery system has the configuration value {optionName} = {value}, but the current request is not an SSL request.
/// </summary>
internal static string Antiforgery_RequiresSSL
{ {
return GetString("Antiforgery_RequestToken_MustBeProvided_Generic"); get => GetString("Antiforgery_RequiresSSL");
} }
/// <summary>
/// The antiforgery system has the configuration value {optionName} = {value}, but the current request is not an SSL request.
/// </summary>
internal static string FormatAntiforgery_RequiresSSL(object optionName, object value)
=> string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_RequiresSSL", "optionName", "value"), optionName, value);
/// <summary> /// <summary>
/// Value cannot be null or empty. /// Value cannot be null or empty.
/// </summary> /// </summary>
internal static string ArgumentCannotBeNullOrEmpty internal static string ArgumentCannotBeNullOrEmpty
{ {
get { return GetString("ArgumentCannotBeNullOrEmpty"); } get => GetString("ArgumentCannotBeNullOrEmpty");
} }
/// <summary> /// <summary>
/// Value cannot be null or empty. /// Value cannot be null or empty.
/// </summary> /// </summary>
internal static string FormatArgumentCannotBeNullOrEmpty() internal static string FormatArgumentCannotBeNullOrEmpty()
{ => GetString("ArgumentCannotBeNullOrEmpty");
return GetString("ArgumentCannotBeNullOrEmpty");
}
private static string GetString(string name, params string[] formatterNames) private static string GetString(string name, params string[] formatterNames)
{ {

View File

@ -139,10 +139,6 @@
<data name="AntiforgeryToken_UsernameMismatch" xml:space="preserve"> <data name="AntiforgeryToken_UsernameMismatch" xml:space="preserve">
<value>The provided antiforgery token was meant for user "{0}", but the current user is "{1}".</value> <value>The provided antiforgery token was meant for user "{0}", but the current user is "{1}".</value>
</data> </data>
<data name="AntiforgeryWorker_RequireSSL" xml:space="preserve">
<value>The antiforgery system has the configuration value {0}.{1} = {2}, but the current request is not an SSL request.</value>
<comment>0 = nameof(AntiforgeryOptions), 1 = nameof(RequireSsl), 2 = bool.TrueString</comment>
</data>
<data name="Antiforgery_CookieToken_IsInvalid" xml:space="preserve"> <data name="Antiforgery_CookieToken_IsInvalid" xml:space="preserve">
<value>The antiforgery cookie token is invalid.</value> <value>The antiforgery cookie token is invalid.</value>
</data> </data>
@ -164,6 +160,9 @@
<data name="Antiforgery_RequestToken_MustBeProvided_Generic" xml:space="preserve"> <data name="Antiforgery_RequestToken_MustBeProvided_Generic" xml:space="preserve">
<value>The required antiforgery request token must be provided.</value> <value>The required antiforgery request token must be provided.</value>
</data> </data>
<data name="Antiforgery_RequiresSSL" xml:space="preserve">
<value>The antiforgery system has the configuration value {optionName} = {value}, but the current request is not an SSL request.</value>
</data>
<data name="ArgumentCannotBeNullOrEmpty" xml:space="preserve"> <data name="ArgumentCannotBeNullOrEmpty" xml:space="preserve">
<value>Value cannot be null or empty.</value> <value>Value cannot be null or empty.</value>
</data> </data>

View File

@ -28,7 +28,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var options = services.GetRequiredService<IOptions<AntiforgeryOptions>>(); var options = services.GetRequiredService<IOptions<AntiforgeryOptions>>();
// Act // Act
var cookieName = options.Value.CookieName; var cookieName = options.Value.Cookie.Name;
// Assert // Assert
Assert.Equal(expectedCookieName, cookieName); Assert.Equal(expectedCookieName, cookieName);
@ -41,8 +41,8 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var serviceCollection = new ServiceCollection(); var serviceCollection = new ServiceCollection();
serviceCollection.Configure<AntiforgeryOptions>(o => serviceCollection.Configure<AntiforgeryOptions>(o =>
{ {
Assert.Null(o.CookieName); Assert.Null(o.Cookie.Name);
o.CookieName = "antiforgery"; o.Cookie.Name = "antiforgery";
}); });
serviceCollection.AddAntiforgery(); serviceCollection.AddAntiforgery();
serviceCollection serviceCollection
@ -53,7 +53,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var options = services.GetRequiredService<IOptions<AntiforgeryOptions>>(); var options = services.GetRequiredService<IOptions<AntiforgeryOptions>>();
// Act // Act
var cookieName = options.Value.CookieName; var cookieName = options.Value.Cookie.Name;
// Assert // Assert
Assert.Equal("antiforgery", cookieName); Assert.Equal("antiforgery", cookieName);

View File

@ -28,9 +28,12 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
{ {
// Arrange // Arrange
var httpContext = GetHttpContext(); var httpContext = GetHttpContext();
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions
{ {
#pragma warning disable CS0618
// obsolete property still forwards to correctly to the new API
RequireSsl = true RequireSsl = true
#pragma warning restore CS0618
}; };
var antiforgery = GetAntiforgery(httpContext, options); var antiforgery = GetAntiforgery(httpContext, options);
@ -38,7 +41,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var exception = await Assert.ThrowsAsync<InvalidOperationException>( var exception = await Assert.ThrowsAsync<InvalidOperationException>(
() => antiforgery.ValidateRequestAsync(httpContext)); () => antiforgery.ValidateRequestAsync(httpContext));
Assert.Equal( Assert.Equal(
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " + @"The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, " +
"but the current request is not an SSL request.", "but the current request is not an SSL request.",
exception.Message); exception.Message);
} }
@ -50,7 +53,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var httpContext = GetHttpContext(); var httpContext = GetHttpContext();
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions()
{ {
RequireSsl = true Cookie = { SecurePolicy = CookieSecurePolicy.Always }
}; };
var antiforgery = GetAntiforgery(httpContext, options); var antiforgery = GetAntiforgery(httpContext, options);
@ -59,7 +62,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var exception = await Assert.ThrowsAsync<InvalidOperationException>( var exception = await Assert.ThrowsAsync<InvalidOperationException>(
() => antiforgery.IsRequestValidAsync(httpContext)); () => antiforgery.IsRequestValidAsync(httpContext));
Assert.Equal( Assert.Equal(
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " + @"The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, " +
"but the current request is not an SSL request.", "but the current request is not an SSL request.",
exception.Message); exception.Message);
} }
@ -71,7 +74,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var httpContext = GetHttpContext(); var httpContext = GetHttpContext();
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions()
{ {
RequireSsl = true Cookie = { SecurePolicy = CookieSecurePolicy.Always }
}; };
var antiforgery = GetAntiforgery(httpContext, options); var antiforgery = GetAntiforgery(httpContext, options);
@ -80,7 +83,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var exception = Assert.Throws<InvalidOperationException>( var exception = Assert.Throws<InvalidOperationException>(
() => antiforgery.GetAndStoreTokens(httpContext)); () => antiforgery.GetAndStoreTokens(httpContext));
Assert.Equal( Assert.Equal(
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " + @"The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, " +
"but the current request is not an SSL request.", "but the current request is not an SSL request.",
exception.Message); exception.Message);
} }
@ -92,7 +95,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var httpContext = GetHttpContext(); var httpContext = GetHttpContext();
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions()
{ {
RequireSsl = true Cookie = { SecurePolicy = CookieSecurePolicy.Always }
}; };
var antiforgery = GetAntiforgery(httpContext, options); var antiforgery = GetAntiforgery(httpContext, options);
@ -101,7 +104,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var exception = Assert.Throws<InvalidOperationException>( var exception = Assert.Throws<InvalidOperationException>(
() => antiforgery.GetTokens(httpContext)); () => antiforgery.GetTokens(httpContext));
Assert.Equal( Assert.Equal(
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " + @"The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, " +
"but the current request is not an SSL request.", "but the current request is not an SSL request.",
exception.Message); exception.Message);
} }
@ -113,7 +116,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var httpContext = GetHttpContext(); var httpContext = GetHttpContext();
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions()
{ {
RequireSsl = true Cookie = { SecurePolicy = CookieSecurePolicy.Always }
}; };
var antiforgery = GetAntiforgery(httpContext, options); var antiforgery = GetAntiforgery(httpContext, options);
@ -122,7 +125,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var exception = Assert.Throws<InvalidOperationException>( var exception = Assert.Throws<InvalidOperationException>(
() => antiforgery.SetCookieTokenAndHeader(httpContext)); () => antiforgery.SetCookieTokenAndHeader(httpContext));
Assert.Equal( Assert.Equal(
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " + @"The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, " +
"but the current request is not an SSL request.", "but the current request is not an SSL request.",
exception.Message); exception.Message);
} }
@ -745,7 +748,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
// Arrange // Arrange
var context = CreateMockContext(new AntiforgeryOptions() var context = CreateMockContext(new AntiforgeryOptions()
{ {
CookieName = "cookie-name", Cookie = { Name = "cookie-name" },
FormFieldName = "form-field-name", FormFieldName = "form-field-name",
HeaderName = null, HeaderName = null,
}); });
@ -769,7 +772,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
// Arrange // Arrange
var context = CreateMockContext(new AntiforgeryOptions() var context = CreateMockContext(new AntiforgeryOptions()
{ {
CookieName = "cookie-name", Cookie = { Name = "cookie-name" },
FormFieldName = "form-field-name", FormFieldName = "form-field-name",
HeaderName = null, HeaderName = null,
}); });
@ -793,7 +796,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
// Arrange // Arrange
var context = CreateMockContext(new AntiforgeryOptions() var context = CreateMockContext(new AntiforgeryOptions()
{ {
CookieName = "cookie-name", Cookie = { Name = "cookie-name" },
FormFieldName = "form-field-name", FormFieldName = "form-field-name",
HeaderName = "header-name", HeaderName = "header-name",
}); });
@ -819,7 +822,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
// Arrange // Arrange
var context = CreateMockContext(new AntiforgeryOptions() var context = CreateMockContext(new AntiforgeryOptions()
{ {
CookieName = "cookie-name", Cookie = { Name = "cookie-name" },
FormFieldName = "form-field-name", FormFieldName = "form-field-name",
HeaderName = "header-name", HeaderName = "header-name",
}); });

View File

@ -21,9 +21,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
{ {
// Arrange // Arrange
var httpContext = GetHttpContext(new RequestCookieCollection()); var httpContext = GetHttpContext(new RequestCookieCollection());
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions
{ {
CookieName = _cookieName Cookie = { Name = _cookieName }
}; };
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
@ -40,9 +40,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
{ {
// Arrange // Arrange
var httpContext = GetHttpContext(_cookieName, string.Empty); var httpContext = GetHttpContext(_cookieName, string.Empty);
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions
{ {
CookieName = _cookieName Cookie = { Name = _cookieName }
}; };
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
@ -61,9 +61,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var expectedToken = "valid-value"; var expectedToken = "valid-value";
var httpContext = GetHttpContext(_cookieName, expectedToken); var httpContext = GetHttpContext(_cookieName, expectedToken);
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions
{ {
CookieName = _cookieName Cookie = { Name = _cookieName }
}; };
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
@ -82,9 +82,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var httpContext = GetHttpContext(new RequestCookieCollection()); var httpContext = GetHttpContext(new RequestCookieCollection());
httpContext.Request.Form = FormCollection.Empty; httpContext.Request.Form = FormCollection.Empty;
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions
{ {
CookieName = "cookie-name", Cookie = { Name = "cookie-name" },
FormFieldName = "form-field-name", FormFieldName = "form-field-name",
}; };
@ -110,9 +110,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
}); // header value has priority. }); // header value has priority.
httpContext.Request.Headers.Add("header-name", "header-value"); httpContext.Request.Headers.Add("header-name", "header-value");
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions
{ {
CookieName = "cookie-name", Cookie = { Name = "cookie-name" },
FormFieldName = "form-field-name", FormFieldName = "form-field-name",
HeaderName = "header-name", HeaderName = "header-name",
}; };
@ -138,9 +138,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
{ "form-field-name", "form-value" }, { "form-field-name", "form-value" },
}); });
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions
{ {
CookieName = "cookie-name", Cookie = { Name = "cookie-name" },
FormFieldName = "form-field-name", FormFieldName = "form-field-name",
HeaderName = "header-name", HeaderName = "header-name",
}; };
@ -166,9 +166,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
// Will not be accessed // Will not be accessed
httpContext.Request.Form = null; httpContext.Request.Form = null;
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions
{ {
CookieName = "cookie-name", Cookie = { Name = "cookie-name" },
FormFieldName = "form-field-name", FormFieldName = "form-field-name",
HeaderName = "header-name", HeaderName = "header-name",
}; };
@ -193,9 +193,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
// Will not be accessed // Will not be accessed
httpContext.Request.Form = null; httpContext.Request.Form = null;
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions
{ {
CookieName = "cookie-name", Cookie = { Name = "cookie-name" },
FormFieldName = "form-field-name", FormFieldName = "form-field-name",
HeaderName = "header-name", HeaderName = "header-name",
}; };
@ -218,9 +218,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
httpContext.Request.ContentType = "application/x-www-form-urlencoded"; httpContext.Request.ContentType = "application/x-www-form-urlencoded";
httpContext.Request.Form = FormCollection.Empty; httpContext.Request.Form = FormCollection.Empty;
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions
{ {
CookieName = "cookie-name", Cookie = { Name = "cookie-name" },
FormFieldName = "form-field-name", FormFieldName = "form-field-name",
HeaderName = "header-name", HeaderName = "header-name",
}; };
@ -236,9 +236,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
} }
[Theory] [Theory]
[InlineData(true, true)] [InlineData(CookieSecurePolicy.Always, true)]
[InlineData(false, null)] [InlineData(CookieSecurePolicy.None, null)]
public void SaveCookieToken(bool requireSsl, bool? expectedCookieSecureFlag) public void SaveCookieToken(CookieSecurePolicy policy, bool? expectedCookieSecureFlag)
{ {
// Arrange // Arrange
var token = "serialized-value"; var token = "serialized-value";
@ -255,8 +255,11 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
var options = new AntiforgeryOptions() var options = new AntiforgeryOptions()
{ {
CookieName = _cookieName, Cookie =
RequireSsl = requireSsl {
Name = _cookieName,
SecurePolicy = policy
},
}; };
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
@ -294,8 +297,10 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
httpContext httpContext
.SetupGet(hc => hc.Request.Path) .SetupGet(hc => hc.Request.Path)
.Returns("/index.html"); .Returns("/index.html");
var options = new AntiforgeryOptions(); var options = new AntiforgeryOptions
options.CookieName = _cookieName; {
Cookie = { Name = _cookieName }
};
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
// Act // Act
@ -328,9 +333,14 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
httpContext httpContext
.SetupGet(hc => hc.Request.Path) .SetupGet(hc => hc.Request.Path)
.Returns("/index.html"); .Returns("/index.html");
var options = new AntiforgeryOptions(); var options = new AntiforgeryOptions
options.CookieName = _cookieName; {
options.ConfigureCookieOptions = (context, cookieOptions) => cookieOptions.Path = expectedCookiePath; Cookie =
{
Name = _cookieName,
Path = expectedCookiePath
}
};
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
// Act // Act
@ -362,9 +372,14 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
httpContext httpContext
.SetupGet(hc => hc.Request.Path) .SetupGet(hc => hc.Request.Path)
.Returns("/index.html"); .Returns("/index.html");
var options = new AntiforgeryOptions(); var options = new AntiforgeryOptions
options.CookieName = _cookieName; {
options.ConfigureCookieOptions = (context, cookieOptions) => cookieOptions.Domain = expectedCookieDomain; Cookie =
{
Name = _cookieName,
Domain = expectedCookieDomain
}
};
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options)); var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
// Act // Act
@ -407,10 +422,10 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
public void Append(string key, string value, CookieOptions options) public void Append(string key, string value, CookieOptions options)
{ {
this.Key = key; Key = key;
this.Value = value; Value = value;
this.Options = options; Options = options;
this.Count++; Count++;
} }
public void Append(string key, string value) public void Append(string key, string value)