Replace the ConfigureCookieOptions action property with the CookieBuilder
This commit is contained in:
parent
cfe0e3012e
commit
df41fd8ccc
|
|
@ -14,81 +14,45 @@ namespace Microsoft.AspNetCore.Antiforgery
|
||||||
private const string AntiforgeryTokenFieldName = "__RequestVerificationToken";
|
private const string AntiforgeryTokenFieldName = "__RequestVerificationToken";
|
||||||
private const string AntiforgeryTokenHeaderName = "RequestVerificationToken";
|
private const string AntiforgeryTokenHeaderName = "RequestVerificationToken";
|
||||||
|
|
||||||
private string _cookieName;
|
|
||||||
private string _formFieldName = AntiforgeryTokenFieldName;
|
private string _formFieldName = AntiforgeryTokenFieldName;
|
||||||
|
|
||||||
|
private CookieBuilder _cookieBuilder = new CookieBuilder
|
||||||
|
{
|
||||||
|
SameSite = SameSiteMode.Strict,
|
||||||
|
HttpOnly = true
|
||||||
|
};
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The default cookie prefix, which is ".AspNetCore.Antiforgery.".
|
/// The default cookie prefix, which is ".AspNetCore.Antiforgery.".
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public static readonly string DefaultCookiePrefix = ".AspNetCore.Antiforgery.";
|
public static readonly string DefaultCookiePrefix = ".AspNetCore.Antiforgery.";
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Specifies the name of the cookie that is used by the antiforgery system.
|
/// Determines the settings used to create the antiforgery cookies.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <remarks>
|
/// <remarks>
|
||||||
/// If an explicit name is not provided, the system will automatically generate a
|
/// <para>
|
||||||
|
/// If an explicit <see cref="CookieBuilder.Name"/> is not provided, the system will automatically generate a
|
||||||
/// unique name that begins with <see cref="DefaultCookiePrefix"/>.
|
/// unique name that begins with <see cref="DefaultCookiePrefix"/>.
|
||||||
|
/// </para>
|
||||||
|
/// <para>
|
||||||
|
/// <see cref="CookieBuilder.SameSite"/> defaults to <see cref="SameSiteMode.Strict"/>.
|
||||||
|
/// <see cref="CookieBuilder.HttpOnly"/> defaults to <c>true</c>.
|
||||||
|
/// </para>
|
||||||
/// </remarks>
|
/// </remarks>
|
||||||
public string CookieName
|
public CookieBuilder Cookie
|
||||||
{
|
{
|
||||||
get
|
get => _cookieBuilder;
|
||||||
{
|
set => _cookieBuilder = value ?? throw new ArgumentNullException(nameof(value));
|
||||||
return _cookieName;
|
|
||||||
}
|
|
||||||
set
|
|
||||||
{
|
|
||||||
if (value == null)
|
|
||||||
{
|
|
||||||
throw new ArgumentNullException(nameof(value));
|
|
||||||
}
|
|
||||||
|
|
||||||
_cookieName = value;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// This is obsolete and will be removed in a future version.
|
|
||||||
/// The recommended alternative is to use ConfigureCookieOptions.
|
|
||||||
/// The path set on the cookie. If set to <c>null</c>, the "path" attribute on the cookie is set to the current
|
|
||||||
/// request's <see cref="HttpRequest.PathBase"/> value. If the value of <see cref="HttpRequest.PathBase"/> is
|
|
||||||
/// <c>null</c> or empty, then the "path" attribute is set to the value of <see cref="CookieOptions.Path"/>.
|
|
||||||
/// </summary>
|
|
||||||
[Obsolete("This is obsolete and will be removed in a future version. The recommended alternative is to use ConfigureCookieOptions.")]
|
|
||||||
public PathString? CookiePath { get; set; }
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// This is obsolete and will be removed in a future version.
|
|
||||||
/// The recommended alternative is to use ConfigureCookieOptions.
|
|
||||||
/// The domain set on the cookie. By default its <c>null</c> which results in the "domain" attribute not being set.
|
|
||||||
/// </summary>
|
|
||||||
[Obsolete("This is obsolete and will be removed in a future version. The recommended alternative is to use ConfigureCookieOptions.")]
|
|
||||||
public string CookieDomain { get; set; }
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Configures the <see cref="CookieOptions"/> of the antiforgery cookies. Without additional configuration, the
|
|
||||||
/// default values antiforgery cookie options are true for <see cref="CookieOptions.HttpOnly"/>, null for
|
|
||||||
/// <see cref="CookieOptions.Domain"/> and <see cref="SameSiteMode.Strict"/> for <see cref="CookieOptions.SameSite"/>.
|
|
||||||
/// </summary>
|
|
||||||
public Action<HttpContext, CookieOptions> ConfigureCookieOptions { get; set; }
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Specifies the name of the antiforgery token field that is used by the antiforgery system.
|
/// Specifies the name of the antiforgery token field that is used by the antiforgery system.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public string FormFieldName
|
public string FormFieldName
|
||||||
{
|
{
|
||||||
get
|
get => _formFieldName;
|
||||||
{
|
set => _formFieldName = value ?? throw new ArgumentNullException(nameof(value));
|
||||||
return _formFieldName;
|
|
||||||
}
|
|
||||||
set
|
|
||||||
{
|
|
||||||
if (value == null)
|
|
||||||
{
|
|
||||||
throw new ArgumentNullException(nameof(value));
|
|
||||||
}
|
|
||||||
|
|
||||||
_formFieldName = value;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
|
|
@ -97,13 +61,6 @@ namespace Microsoft.AspNetCore.Antiforgery
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public string HeaderName { get; set; } = AntiforgeryTokenHeaderName;
|
public string HeaderName { get; set; } = AntiforgeryTokenHeaderName;
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Specifies whether SSL is required for the antiforgery system
|
|
||||||
/// to operate. If this setting is 'true' and a non-SSL request
|
|
||||||
/// comes into the system, all antiforgery APIs will fail.
|
|
||||||
/// </summary>
|
|
||||||
public bool RequireSsl { get; set; }
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Specifies whether to suppress the generation of X-Frame-Options header
|
/// Specifies whether to suppress the generation of X-Frame-Options header
|
||||||
/// which is used to prevent ClickJacking. By default, the X-Frame-Options
|
/// which is used to prevent ClickJacking. By default, the X-Frame-Options
|
||||||
|
|
@ -111,5 +68,69 @@ namespace Microsoft.AspNetCore.Antiforgery
|
||||||
/// the X-Frame-Options header will not be generated for the response.
|
/// the X-Frame-Options header will not be generated for the response.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public bool SuppressXFrameOptionsHeader { get; set; }
|
public bool SuppressXFrameOptionsHeader { get; set; }
|
||||||
|
|
||||||
|
#region Obsolete API
|
||||||
|
/// <summary>
|
||||||
|
/// <para>
|
||||||
|
/// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Name"/> on <see cref="Cookie"/>.
|
||||||
|
/// </para>
|
||||||
|
/// <para>
|
||||||
|
/// Specifies the name of the cookie that is used by the antiforgery system.
|
||||||
|
/// </para>
|
||||||
|
/// </summary>
|
||||||
|
/// <remarks>
|
||||||
|
/// If an explicit name is not provided, the system will automatically generate a
|
||||||
|
/// unique name that begins with <see cref="DefaultCookiePrefix"/>.
|
||||||
|
/// </remarks>
|
||||||
|
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Name) + ".")]
|
||||||
|
public string CookieName { get => Cookie.Name; set => Cookie.Name = value; }
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// <para>
|
||||||
|
/// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Path"/> on <see cref="Cookie"/>.
|
||||||
|
/// </para>
|
||||||
|
/// <para>
|
||||||
|
/// The path set on the cookie. If set to <c>null</c>, the "path" attribute on the cookie is set to the current
|
||||||
|
/// request's <see cref="HttpRequest.PathBase"/> value. If the value of <see cref="HttpRequest.PathBase"/> is
|
||||||
|
/// <c>null</c> or empty, then the "path" attribute is set to the value of <see cref="CookieOptions.Path"/>.
|
||||||
|
/// </para>
|
||||||
|
/// </summary>
|
||||||
|
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Path) + ".")]
|
||||||
|
public PathString? CookiePath { get => Cookie.Path; set => Cookie.Path = value; }
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// <para>
|
||||||
|
/// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Domain"/> on <see cref="Cookie"/>.
|
||||||
|
/// </para>
|
||||||
|
/// <para>
|
||||||
|
/// The domain set on the cookie. By default its <c>null</c> which results in the "domain" attribute not being set.
|
||||||
|
/// </para>
|
||||||
|
/// </summary>
|
||||||
|
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Domain) + ".")]
|
||||||
|
public string CookieDomain { get => Cookie.Domain; set => Cookie.Domain = value; }
|
||||||
|
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// <para>
|
||||||
|
/// This property is obsolete and will be removed in a future version.
|
||||||
|
/// The recommended alternative is to set <seealso cref="CookieBuilder.SecurePolicy"/> on <see cref="Cookie"/>.
|
||||||
|
/// </para>
|
||||||
|
/// <para>
|
||||||
|
/// <c>true</c> is equivalent to <see cref="CookieSecurePolicy.Always"/>.
|
||||||
|
/// <c>false</c> is equivalent to <see cref="CookieSecurePolicy.None"/>.
|
||||||
|
/// </para>
|
||||||
|
/// <para>
|
||||||
|
/// Specifies whether SSL is required for the antiforgery system
|
||||||
|
/// to operate. If this setting is 'true' and a non-SSL request
|
||||||
|
/// comes into the system, all antiforgery APIs will fail.
|
||||||
|
/// </para>
|
||||||
|
/// </summary>
|
||||||
|
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is to set " + nameof(Cookie) + "." + nameof(CookieBuilder.SecurePolicy) + ".")]
|
||||||
|
public bool RequireSsl
|
||||||
|
{
|
||||||
|
get => Cookie.SecurePolicy == CookieSecurePolicy.Always;
|
||||||
|
set => Cookie.SecurePolicy = value ? CookieSecurePolicy.Always : CookieSecurePolicy.None;
|
||||||
|
}
|
||||||
|
#endregion
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -18,10 +18,10 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
|
|
||||||
public static void ConfigureOptions(AntiforgeryOptions options, DataProtectionOptions dataProtectionOptions)
|
public static void ConfigureOptions(AntiforgeryOptions options, DataProtectionOptions dataProtectionOptions)
|
||||||
{
|
{
|
||||||
if (options.CookieName == null)
|
if (options.Cookie.Name == null)
|
||||||
{
|
{
|
||||||
var applicationId = dataProtectionOptions.ApplicationDiscriminator ?? string.Empty;
|
var applicationId = dataProtectionOptions.ApplicationDiscriminator ?? string.Empty;
|
||||||
options.CookieName = AntiforgeryOptions.DefaultCookiePrefix + ComputeCookieName(applicationId);
|
options.Cookie.Name = AntiforgeryOptions.DefaultCookiePrefix + ComputeCookieName(applicationId);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -111,7 +111,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var tokens = await _tokenStore.GetRequestTokensAsync(httpContext);
|
var tokens = await _tokenStore.GetRequestTokensAsync(httpContext);
|
||||||
if (tokens.CookieToken == null)
|
if (tokens.CookieToken == null)
|
||||||
{
|
{
|
||||||
_logger.MissingCookieToken(_options.CookieName);
|
_logger.MissingCookieToken(_options.Cookie.Name);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -160,7 +160,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
if (tokens.CookieToken == null)
|
if (tokens.CookieToken == null)
|
||||||
{
|
{
|
||||||
throw new AntiforgeryValidationException(
|
throw new AntiforgeryValidationException(
|
||||||
Resources.FormatAntiforgery_CookieToken_MustBeProvided(_options.CookieName));
|
Resources.FormatAntiforgery_CookieToken_MustBeProvided(_options.Cookie.Name));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tokens.RequestToken == null)
|
if (tokens.RequestToken == null)
|
||||||
|
|
@ -265,12 +265,11 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
|
|
||||||
private void CheckSSLConfig(HttpContext context)
|
private void CheckSSLConfig(HttpContext context)
|
||||||
{
|
{
|
||||||
if (_options.RequireSsl && !context.Request.IsHttps)
|
if (_options.Cookie.SecurePolicy == CookieSecurePolicy.Always && !context.Request.IsHttps)
|
||||||
{
|
{
|
||||||
throw new InvalidOperationException(Resources.FormatAntiforgeryWorker_RequireSSL(
|
throw new InvalidOperationException(Resources.FormatAntiforgery_RequiresSSL(
|
||||||
nameof(AntiforgeryOptions),
|
string.Join(".", nameof(AntiforgeryOptions), nameof(AntiforgeryOptions.Cookie), nameof(CookieBuilder.SecurePolicy)),
|
||||||
nameof(AntiforgeryOptions.RequireSsl),
|
nameof(CookieSecurePolicy.Always)));
|
||||||
"true"));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
{
|
{
|
||||||
Debug.Assert(httpContext != null);
|
Debug.Assert(httpContext != null);
|
||||||
|
|
||||||
var requestCookie = httpContext.Request.Cookies[_options.CookieName];
|
var requestCookie = httpContext.Request.Cookies[_options.Cookie.Name];
|
||||||
if (string.IsNullOrEmpty(requestCookie))
|
if (string.IsNullOrEmpty(requestCookie))
|
||||||
{
|
{
|
||||||
// unable to find the cookie.
|
// unable to find the cookie.
|
||||||
|
|
@ -42,7 +42,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
{
|
{
|
||||||
Debug.Assert(httpContext != null);
|
Debug.Assert(httpContext != null);
|
||||||
|
|
||||||
var cookieToken = httpContext.Request.Cookies[_options.CookieName];
|
var cookieToken = httpContext.Request.Cookies[_options.Cookie.Name];
|
||||||
|
|
||||||
// We want to delay reading the form as much as possible, for example in case of large file uploads,
|
// We want to delay reading the form as much as possible, for example in case of large file uploads,
|
||||||
// request token could be part of the header.
|
// request token could be part of the header.
|
||||||
|
|
@ -69,22 +69,12 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
Debug.Assert(httpContext != null);
|
Debug.Assert(httpContext != null);
|
||||||
Debug.Assert(token != null);
|
Debug.Assert(token != null);
|
||||||
|
|
||||||
var options = new CookieOptions
|
var options = _options.Cookie.Build(httpContext);
|
||||||
{
|
|
||||||
HttpOnly = true,
|
|
||||||
#pragma warning disable 618
|
|
||||||
Domain = _options.CookieDomain,
|
|
||||||
#pragma warning restore 618
|
|
||||||
SameSite = SameSiteMode.Strict,
|
|
||||||
Secure = _options.RequireSsl
|
|
||||||
};
|
|
||||||
|
|
||||||
#pragma warning disable 618
|
if (_options.Cookie.Path != null)
|
||||||
if (_options.CookiePath != null)
|
|
||||||
{
|
{
|
||||||
options.Path = _options.CookiePath.ToString();
|
options.Path = _options.Cookie.Path.ToString();
|
||||||
}
|
}
|
||||||
#pragma warning restore 618
|
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
var pathBase = httpContext.Request.PathBase.ToString();
|
var pathBase = httpContext.Request.PathBase.ToString();
|
||||||
|
|
@ -94,9 +84,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
_options.ConfigureCookieOptions?.Invoke(httpContext, options);
|
httpContext.Response.Cookies.Append(_options.Cookie.Name, token, options);
|
||||||
|
|
||||||
httpContext.Response.Cookies.Append(_options.CookieName, token, options);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -15,248 +15,224 @@ namespace Microsoft.AspNetCore.Antiforgery
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername
|
internal static string AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername
|
||||||
{
|
{
|
||||||
get { return GetString("AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername"); }
|
get => GetString("AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername");
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The provided identity of type '{0}' is marked {1} = {2} but does not have a value for {3}. By default, the antiforgery system requires that all authenticated identities have a unique {3}. If it is not possible to provide a unique {3} for this identity, consider extending {4} by overriding the {5} or a custom type that can provide some form of unique identifier for the current user.
|
/// The provided identity of type '{0}' is marked {1} = {2} but does not have a value for {3}. By default, the antiforgery system requires that all authenticated identities have a unique {3}. If it is not possible to provide a unique {3} for this identity, consider extending {4} by overriding the {5} or a custom type that can provide some form of unique identifier for the current user.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string FormatAntiforgeryTokenValidator_AuthenticatedUserWithoutUsername(object p0, object p1, object p2, object p3, object p4, object p5)
|
internal static string FormatAntiforgeryTokenValidator_AuthenticatedUserWithoutUsername(object p0, object p1, object p2, object p3, object p4, object p5)
|
||||||
{
|
=> string.Format(CultureInfo.CurrentCulture, GetString("AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername"), p0, p1, p2, p3, p4, p5);
|
||||||
return string.Format(CultureInfo.CurrentCulture, GetString("AntiforgeryTokenValidator_AuthenticatedUserWithoutUsername"), p0, p1, p2, p3, p4, p5);
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The provided antiforgery token failed a custom data check.
|
/// The provided antiforgery token failed a custom data check.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string AntiforgeryToken_AdditionalDataCheckFailed
|
internal static string AntiforgeryToken_AdditionalDataCheckFailed
|
||||||
{
|
{
|
||||||
get { return GetString("AntiforgeryToken_AdditionalDataCheckFailed"); }
|
get => GetString("AntiforgeryToken_AdditionalDataCheckFailed");
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The provided antiforgery token failed a custom data check.
|
/// The provided antiforgery token failed a custom data check.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string FormatAntiforgeryToken_AdditionalDataCheckFailed()
|
internal static string FormatAntiforgeryToken_AdditionalDataCheckFailed()
|
||||||
{
|
=> GetString("AntiforgeryToken_AdditionalDataCheckFailed");
|
||||||
return GetString("AntiforgeryToken_AdditionalDataCheckFailed");
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The provided antiforgery token was meant for a different claims-based user than the current user.
|
/// The provided antiforgery token was meant for a different claims-based user than the current user.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string AntiforgeryToken_ClaimUidMismatch
|
internal static string AntiforgeryToken_ClaimUidMismatch
|
||||||
{
|
{
|
||||||
get { return GetString("AntiforgeryToken_ClaimUidMismatch"); }
|
get => GetString("AntiforgeryToken_ClaimUidMismatch");
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The provided antiforgery token was meant for a different claims-based user than the current user.
|
/// The provided antiforgery token was meant for a different claims-based user than the current user.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string FormatAntiforgeryToken_ClaimUidMismatch()
|
internal static string FormatAntiforgeryToken_ClaimUidMismatch()
|
||||||
{
|
=> GetString("AntiforgeryToken_ClaimUidMismatch");
|
||||||
return GetString("AntiforgeryToken_ClaimUidMismatch");
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The antiforgery token could not be decrypted.
|
/// The antiforgery token could not be decrypted.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string AntiforgeryToken_DeserializationFailed
|
internal static string AntiforgeryToken_DeserializationFailed
|
||||||
{
|
{
|
||||||
get { return GetString("AntiforgeryToken_DeserializationFailed"); }
|
get => GetString("AntiforgeryToken_DeserializationFailed");
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The antiforgery token could not be decrypted.
|
/// The antiforgery token could not be decrypted.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string FormatAntiforgeryToken_DeserializationFailed()
|
internal static string FormatAntiforgeryToken_DeserializationFailed()
|
||||||
{
|
=> GetString("AntiforgeryToken_DeserializationFailed");
|
||||||
return GetString("AntiforgeryToken_DeserializationFailed");
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The antiforgery cookie token and request token do not match.
|
/// The antiforgery cookie token and request token do not match.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string AntiforgeryToken_SecurityTokenMismatch
|
internal static string AntiforgeryToken_SecurityTokenMismatch
|
||||||
{
|
{
|
||||||
get { return GetString("AntiforgeryToken_SecurityTokenMismatch"); }
|
get => GetString("AntiforgeryToken_SecurityTokenMismatch");
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The antiforgery cookie token and request token do not match.
|
/// The antiforgery cookie token and request token do not match.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string FormatAntiforgeryToken_SecurityTokenMismatch()
|
internal static string FormatAntiforgeryToken_SecurityTokenMismatch()
|
||||||
{
|
=> GetString("AntiforgeryToken_SecurityTokenMismatch");
|
||||||
return GetString("AntiforgeryToken_SecurityTokenMismatch");
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Validation of the provided antiforgery token failed. The cookie token and the request token were swapped.
|
/// Validation of the provided antiforgery token failed. The cookie token and the request token were swapped.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string AntiforgeryToken_TokensSwapped
|
internal static string AntiforgeryToken_TokensSwapped
|
||||||
{
|
{
|
||||||
get { return GetString("AntiforgeryToken_TokensSwapped"); }
|
get => GetString("AntiforgeryToken_TokensSwapped");
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Validation of the provided antiforgery token failed. The cookie token and the request token were swapped.
|
/// Validation of the provided antiforgery token failed. The cookie token and the request token were swapped.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string FormatAntiforgeryToken_TokensSwapped()
|
internal static string FormatAntiforgeryToken_TokensSwapped()
|
||||||
{
|
=> GetString("AntiforgeryToken_TokensSwapped");
|
||||||
return GetString("AntiforgeryToken_TokensSwapped");
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The provided antiforgery token was meant for user "{0}", but the current user is "{1}".
|
/// The provided antiforgery token was meant for user "{0}", but the current user is "{1}".
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string AntiforgeryToken_UsernameMismatch
|
internal static string AntiforgeryToken_UsernameMismatch
|
||||||
{
|
{
|
||||||
get { return GetString("AntiforgeryToken_UsernameMismatch"); }
|
get => GetString("AntiforgeryToken_UsernameMismatch");
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The provided antiforgery token was meant for user "{0}", but the current user is "{1}".
|
/// The provided antiforgery token was meant for user "{0}", but the current user is "{1}".
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string FormatAntiforgeryToken_UsernameMismatch(object p0, object p1)
|
internal static string FormatAntiforgeryToken_UsernameMismatch(object p0, object p1)
|
||||||
{
|
=> string.Format(CultureInfo.CurrentCulture, GetString("AntiforgeryToken_UsernameMismatch"), p0, p1);
|
||||||
return string.Format(CultureInfo.CurrentCulture, GetString("AntiforgeryToken_UsernameMismatch"), p0, p1);
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The antiforgery system has the configuration value {0}.{1} = {2}, but the current request is not an SSL request.
|
/// The antiforgery cookie token is invalid.
|
||||||
/// </summary>
|
|
||||||
internal static string AntiforgeryWorker_RequireSSL
|
|
||||||
{
|
|
||||||
get { return GetString("AntiforgeryWorker_RequireSSL"); }
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// The antiforgery system has the configuration value {0}.{1} = {2}, but the current request is not an SSL request.
|
|
||||||
/// </summary>
|
|
||||||
internal static string FormatAntiforgeryWorker_RequireSSL(object p0, object p1, object p2)
|
|
||||||
{
|
|
||||||
return string.Format(CultureInfo.CurrentCulture, GetString("AntiforgeryWorker_RequireSSL"), p0, p1, p2);
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// The required antiforgery cookie "{0}" is not present.
|
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string Antiforgery_CookieToken_IsInvalid
|
internal static string Antiforgery_CookieToken_IsInvalid
|
||||||
{
|
{
|
||||||
get { return GetString("Antiforgery_CookieToken_IsInvalid"); }
|
get => GetString("Antiforgery_CookieToken_IsInvalid");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// The antiforgery cookie token is invalid.
|
||||||
|
/// </summary>
|
||||||
|
internal static string FormatAntiforgery_CookieToken_IsInvalid()
|
||||||
|
=> GetString("Antiforgery_CookieToken_IsInvalid");
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The required antiforgery cookie "{0}" is not present.
|
/// The required antiforgery cookie "{0}" is not present.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string Antiforgery_CookieToken_MustBeProvided
|
internal static string Antiforgery_CookieToken_MustBeProvided
|
||||||
{
|
{
|
||||||
get { return GetString("Antiforgery_CookieToken_MustBeProvided"); }
|
get => GetString("Antiforgery_CookieToken_MustBeProvided");
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The required antiforgery cookie "{0}" is not present.
|
/// The required antiforgery cookie "{0}" is not present.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string FormatAntiforgery_CookieToken_MustBeProvided(object p0)
|
internal static string FormatAntiforgery_CookieToken_MustBeProvided(object p0)
|
||||||
{
|
=> string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_CookieToken_MustBeProvided"), p0);
|
||||||
return string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_CookieToken_MustBeProvided"), p0);
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The required antiforgery cookie token must be provided.
|
/// The required antiforgery cookie token must be provided.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string Antiforgery_CookieToken_MustBeProvided_Generic
|
internal static string Antiforgery_CookieToken_MustBeProvided_Generic
|
||||||
{
|
{
|
||||||
get { return GetString("Antiforgery_CookieToken_MustBeProvided_Generic"); }
|
get => GetString("Antiforgery_CookieToken_MustBeProvided_Generic");
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The required antiforgery cookie token must be provided.
|
/// The required antiforgery cookie token must be provided.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string FormatAntiforgery_CookieToken_MustBeProvided_Generic()
|
internal static string FormatAntiforgery_CookieToken_MustBeProvided_Generic()
|
||||||
{
|
=> GetString("Antiforgery_CookieToken_MustBeProvided_Generic");
|
||||||
return GetString("Antiforgery_CookieToken_MustBeProvided_Generic");
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The required antiforgery form field "{0}" is not present.
|
/// The required antiforgery form field "{0}" is not present.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string Antiforgery_FormToken_MustBeProvided
|
internal static string Antiforgery_FormToken_MustBeProvided
|
||||||
{
|
{
|
||||||
get { return GetString("Antiforgery_FormToken_MustBeProvided"); }
|
get => GetString("Antiforgery_FormToken_MustBeProvided");
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The required antiforgery form field "{0}" is not present.
|
/// The required antiforgery form field "{0}" is not present.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string FormatAntiforgery_FormToken_MustBeProvided(object p0)
|
internal static string FormatAntiforgery_FormToken_MustBeProvided(object p0)
|
||||||
{
|
=> string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_FormToken_MustBeProvided"), p0);
|
||||||
return string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_FormToken_MustBeProvided"), p0);
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The required antiforgery header value "{0}" is not present.
|
/// The required antiforgery header value "{0}" is not present.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string Antiforgery_HeaderToken_MustBeProvided
|
internal static string Antiforgery_HeaderToken_MustBeProvided
|
||||||
{
|
{
|
||||||
get { return GetString("Antiforgery_HeaderToken_MustBeProvided"); }
|
get => GetString("Antiforgery_HeaderToken_MustBeProvided");
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The required antiforgery header value "{0}" is not present.
|
/// The required antiforgery header value "{0}" is not present.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string FormatAntiforgery_HeaderToken_MustBeProvided(object p0)
|
internal static string FormatAntiforgery_HeaderToken_MustBeProvided(object p0)
|
||||||
{
|
=> string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_HeaderToken_MustBeProvided"), p0);
|
||||||
return string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_HeaderToken_MustBeProvided"), p0);
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The required antiforgery request token was not provided in either form field "{0}" or header value "{1}".
|
/// The required antiforgery request token was not provided in either form field "{0}" or header value "{1}".
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string Antiforgery_RequestToken_MustBeProvided
|
internal static string Antiforgery_RequestToken_MustBeProvided
|
||||||
{
|
{
|
||||||
get { return GetString("Antiforgery_RequestToken_MustBeProvided"); }
|
get => GetString("Antiforgery_RequestToken_MustBeProvided");
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The required antiforgery request token was not provided in either form field "{0}" or header value "{1}".
|
/// The required antiforgery request token was not provided in either form field "{0}" or header value "{1}".
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string FormatAntiforgery_RequestToken_MustBeProvided(object p0, object p1)
|
internal static string FormatAntiforgery_RequestToken_MustBeProvided(object p0, object p1)
|
||||||
{
|
=> string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_RequestToken_MustBeProvided"), p0, p1);
|
||||||
return string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_RequestToken_MustBeProvided"), p0, p1);
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The required antiforgery request token must be provided.
|
/// The required antiforgery request token must be provided.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string Antiforgery_RequestToken_MustBeProvided_Generic
|
internal static string Antiforgery_RequestToken_MustBeProvided_Generic
|
||||||
{
|
{
|
||||||
get { return GetString("Antiforgery_RequestToken_MustBeProvided_Generic"); }
|
get => GetString("Antiforgery_RequestToken_MustBeProvided_Generic");
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The required antiforgery request token must be provided.
|
/// The required antiforgery request token must be provided.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string FormatAntiforgery_RequestToken_MustBeProvided_Generic()
|
internal static string FormatAntiforgery_RequestToken_MustBeProvided_Generic()
|
||||||
|
=> GetString("Antiforgery_RequestToken_MustBeProvided_Generic");
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// The antiforgery system has the configuration value {optionName} = {value}, but the current request is not an SSL request.
|
||||||
|
/// </summary>
|
||||||
|
internal static string Antiforgery_RequiresSSL
|
||||||
{
|
{
|
||||||
return GetString("Antiforgery_RequestToken_MustBeProvided_Generic");
|
get => GetString("Antiforgery_RequiresSSL");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// The antiforgery system has the configuration value {optionName} = {value}, but the current request is not an SSL request.
|
||||||
|
/// </summary>
|
||||||
|
internal static string FormatAntiforgery_RequiresSSL(object optionName, object value)
|
||||||
|
=> string.Format(CultureInfo.CurrentCulture, GetString("Antiforgery_RequiresSSL", "optionName", "value"), optionName, value);
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Value cannot be null or empty.
|
/// Value cannot be null or empty.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string ArgumentCannotBeNullOrEmpty
|
internal static string ArgumentCannotBeNullOrEmpty
|
||||||
{
|
{
|
||||||
get { return GetString("ArgumentCannotBeNullOrEmpty"); }
|
get => GetString("ArgumentCannotBeNullOrEmpty");
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Value cannot be null or empty.
|
/// Value cannot be null or empty.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
internal static string FormatArgumentCannotBeNullOrEmpty()
|
internal static string FormatArgumentCannotBeNullOrEmpty()
|
||||||
{
|
=> GetString("ArgumentCannotBeNullOrEmpty");
|
||||||
return GetString("ArgumentCannotBeNullOrEmpty");
|
|
||||||
}
|
|
||||||
|
|
||||||
private static string GetString(string name, params string[] formatterNames)
|
private static string GetString(string name, params string[] formatterNames)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -139,10 +139,6 @@
|
||||||
<data name="AntiforgeryToken_UsernameMismatch" xml:space="preserve">
|
<data name="AntiforgeryToken_UsernameMismatch" xml:space="preserve">
|
||||||
<value>The provided antiforgery token was meant for user "{0}", but the current user is "{1}".</value>
|
<value>The provided antiforgery token was meant for user "{0}", but the current user is "{1}".</value>
|
||||||
</data>
|
</data>
|
||||||
<data name="AntiforgeryWorker_RequireSSL" xml:space="preserve">
|
|
||||||
<value>The antiforgery system has the configuration value {0}.{1} = {2}, but the current request is not an SSL request.</value>
|
|
||||||
<comment>0 = nameof(AntiforgeryOptions), 1 = nameof(RequireSsl), 2 = bool.TrueString</comment>
|
|
||||||
</data>
|
|
||||||
<data name="Antiforgery_CookieToken_IsInvalid" xml:space="preserve">
|
<data name="Antiforgery_CookieToken_IsInvalid" xml:space="preserve">
|
||||||
<value>The antiforgery cookie token is invalid.</value>
|
<value>The antiforgery cookie token is invalid.</value>
|
||||||
</data>
|
</data>
|
||||||
|
|
@ -164,6 +160,9 @@
|
||||||
<data name="Antiforgery_RequestToken_MustBeProvided_Generic" xml:space="preserve">
|
<data name="Antiforgery_RequestToken_MustBeProvided_Generic" xml:space="preserve">
|
||||||
<value>The required antiforgery request token must be provided.</value>
|
<value>The required antiforgery request token must be provided.</value>
|
||||||
</data>
|
</data>
|
||||||
|
<data name="Antiforgery_RequiresSSL" xml:space="preserve">
|
||||||
|
<value>The antiforgery system has the configuration value {optionName} = {value}, but the current request is not an SSL request.</value>
|
||||||
|
</data>
|
||||||
<data name="ArgumentCannotBeNullOrEmpty" xml:space="preserve">
|
<data name="ArgumentCannotBeNullOrEmpty" xml:space="preserve">
|
||||||
<value>Value cannot be null or empty.</value>
|
<value>Value cannot be null or empty.</value>
|
||||||
</data>
|
</data>
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var options = services.GetRequiredService<IOptions<AntiforgeryOptions>>();
|
var options = services.GetRequiredService<IOptions<AntiforgeryOptions>>();
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var cookieName = options.Value.CookieName;
|
var cookieName = options.Value.Cookie.Name;
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Equal(expectedCookieName, cookieName);
|
Assert.Equal(expectedCookieName, cookieName);
|
||||||
|
|
@ -41,8 +41,8 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var serviceCollection = new ServiceCollection();
|
var serviceCollection = new ServiceCollection();
|
||||||
serviceCollection.Configure<AntiforgeryOptions>(o =>
|
serviceCollection.Configure<AntiforgeryOptions>(o =>
|
||||||
{
|
{
|
||||||
Assert.Null(o.CookieName);
|
Assert.Null(o.Cookie.Name);
|
||||||
o.CookieName = "antiforgery";
|
o.Cookie.Name = "antiforgery";
|
||||||
});
|
});
|
||||||
serviceCollection.AddAntiforgery();
|
serviceCollection.AddAntiforgery();
|
||||||
serviceCollection
|
serviceCollection
|
||||||
|
|
@ -53,7 +53,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var options = services.GetRequiredService<IOptions<AntiforgeryOptions>>();
|
var options = services.GetRequiredService<IOptions<AntiforgeryOptions>>();
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var cookieName = options.Value.CookieName;
|
var cookieName = options.Value.Cookie.Name;
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Equal("antiforgery", cookieName);
|
Assert.Equal("antiforgery", cookieName);
|
||||||
|
|
|
||||||
|
|
@ -28,9 +28,12 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
{
|
{
|
||||||
// Arrange
|
// Arrange
|
||||||
var httpContext = GetHttpContext();
|
var httpContext = GetHttpContext();
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions
|
||||||
{
|
{
|
||||||
|
#pragma warning disable CS0618
|
||||||
|
// obsolete property still forwards to correctly to the new API
|
||||||
RequireSsl = true
|
RequireSsl = true
|
||||||
|
#pragma warning restore CS0618
|
||||||
};
|
};
|
||||||
var antiforgery = GetAntiforgery(httpContext, options);
|
var antiforgery = GetAntiforgery(httpContext, options);
|
||||||
|
|
||||||
|
|
@ -38,7 +41,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var exception = await Assert.ThrowsAsync<InvalidOperationException>(
|
var exception = await Assert.ThrowsAsync<InvalidOperationException>(
|
||||||
() => antiforgery.ValidateRequestAsync(httpContext));
|
() => antiforgery.ValidateRequestAsync(httpContext));
|
||||||
Assert.Equal(
|
Assert.Equal(
|
||||||
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
|
@"The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, " +
|
||||||
"but the current request is not an SSL request.",
|
"but the current request is not an SSL request.",
|
||||||
exception.Message);
|
exception.Message);
|
||||||
}
|
}
|
||||||
|
|
@ -50,7 +53,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var httpContext = GetHttpContext();
|
var httpContext = GetHttpContext();
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions()
|
||||||
{
|
{
|
||||||
RequireSsl = true
|
Cookie = { SecurePolicy = CookieSecurePolicy.Always }
|
||||||
};
|
};
|
||||||
|
|
||||||
var antiforgery = GetAntiforgery(httpContext, options);
|
var antiforgery = GetAntiforgery(httpContext, options);
|
||||||
|
|
@ -59,7 +62,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var exception = await Assert.ThrowsAsync<InvalidOperationException>(
|
var exception = await Assert.ThrowsAsync<InvalidOperationException>(
|
||||||
() => antiforgery.IsRequestValidAsync(httpContext));
|
() => antiforgery.IsRequestValidAsync(httpContext));
|
||||||
Assert.Equal(
|
Assert.Equal(
|
||||||
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
|
@"The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, " +
|
||||||
"but the current request is not an SSL request.",
|
"but the current request is not an SSL request.",
|
||||||
exception.Message);
|
exception.Message);
|
||||||
}
|
}
|
||||||
|
|
@ -71,7 +74,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var httpContext = GetHttpContext();
|
var httpContext = GetHttpContext();
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions()
|
||||||
{
|
{
|
||||||
RequireSsl = true
|
Cookie = { SecurePolicy = CookieSecurePolicy.Always }
|
||||||
};
|
};
|
||||||
|
|
||||||
var antiforgery = GetAntiforgery(httpContext, options);
|
var antiforgery = GetAntiforgery(httpContext, options);
|
||||||
|
|
@ -80,7 +83,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var exception = Assert.Throws<InvalidOperationException>(
|
var exception = Assert.Throws<InvalidOperationException>(
|
||||||
() => antiforgery.GetAndStoreTokens(httpContext));
|
() => antiforgery.GetAndStoreTokens(httpContext));
|
||||||
Assert.Equal(
|
Assert.Equal(
|
||||||
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
|
@"The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, " +
|
||||||
"but the current request is not an SSL request.",
|
"but the current request is not an SSL request.",
|
||||||
exception.Message);
|
exception.Message);
|
||||||
}
|
}
|
||||||
|
|
@ -92,7 +95,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var httpContext = GetHttpContext();
|
var httpContext = GetHttpContext();
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions()
|
||||||
{
|
{
|
||||||
RequireSsl = true
|
Cookie = { SecurePolicy = CookieSecurePolicy.Always }
|
||||||
};
|
};
|
||||||
|
|
||||||
var antiforgery = GetAntiforgery(httpContext, options);
|
var antiforgery = GetAntiforgery(httpContext, options);
|
||||||
|
|
@ -101,7 +104,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var exception = Assert.Throws<InvalidOperationException>(
|
var exception = Assert.Throws<InvalidOperationException>(
|
||||||
() => antiforgery.GetTokens(httpContext));
|
() => antiforgery.GetTokens(httpContext));
|
||||||
Assert.Equal(
|
Assert.Equal(
|
||||||
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
|
@"The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, " +
|
||||||
"but the current request is not an SSL request.",
|
"but the current request is not an SSL request.",
|
||||||
exception.Message);
|
exception.Message);
|
||||||
}
|
}
|
||||||
|
|
@ -113,7 +116,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var httpContext = GetHttpContext();
|
var httpContext = GetHttpContext();
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions()
|
||||||
{
|
{
|
||||||
RequireSsl = true
|
Cookie = { SecurePolicy = CookieSecurePolicy.Always }
|
||||||
};
|
};
|
||||||
|
|
||||||
var antiforgery = GetAntiforgery(httpContext, options);
|
var antiforgery = GetAntiforgery(httpContext, options);
|
||||||
|
|
@ -122,7 +125,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var exception = Assert.Throws<InvalidOperationException>(
|
var exception = Assert.Throws<InvalidOperationException>(
|
||||||
() => antiforgery.SetCookieTokenAndHeader(httpContext));
|
() => antiforgery.SetCookieTokenAndHeader(httpContext));
|
||||||
Assert.Equal(
|
Assert.Equal(
|
||||||
@"The antiforgery system has the configuration value AntiforgeryOptions.RequireSsl = true, " +
|
@"The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, " +
|
||||||
"but the current request is not an SSL request.",
|
"but the current request is not an SSL request.",
|
||||||
exception.Message);
|
exception.Message);
|
||||||
}
|
}
|
||||||
|
|
@ -745,7 +748,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
// Arrange
|
// Arrange
|
||||||
var context = CreateMockContext(new AntiforgeryOptions()
|
var context = CreateMockContext(new AntiforgeryOptions()
|
||||||
{
|
{
|
||||||
CookieName = "cookie-name",
|
Cookie = { Name = "cookie-name" },
|
||||||
FormFieldName = "form-field-name",
|
FormFieldName = "form-field-name",
|
||||||
HeaderName = null,
|
HeaderName = null,
|
||||||
});
|
});
|
||||||
|
|
@ -769,7 +772,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
// Arrange
|
// Arrange
|
||||||
var context = CreateMockContext(new AntiforgeryOptions()
|
var context = CreateMockContext(new AntiforgeryOptions()
|
||||||
{
|
{
|
||||||
CookieName = "cookie-name",
|
Cookie = { Name = "cookie-name" },
|
||||||
FormFieldName = "form-field-name",
|
FormFieldName = "form-field-name",
|
||||||
HeaderName = null,
|
HeaderName = null,
|
||||||
});
|
});
|
||||||
|
|
@ -793,7 +796,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
// Arrange
|
// Arrange
|
||||||
var context = CreateMockContext(new AntiforgeryOptions()
|
var context = CreateMockContext(new AntiforgeryOptions()
|
||||||
{
|
{
|
||||||
CookieName = "cookie-name",
|
Cookie = { Name = "cookie-name" },
|
||||||
FormFieldName = "form-field-name",
|
FormFieldName = "form-field-name",
|
||||||
HeaderName = "header-name",
|
HeaderName = "header-name",
|
||||||
});
|
});
|
||||||
|
|
@ -819,7 +822,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
// Arrange
|
// Arrange
|
||||||
var context = CreateMockContext(new AntiforgeryOptions()
|
var context = CreateMockContext(new AntiforgeryOptions()
|
||||||
{
|
{
|
||||||
CookieName = "cookie-name",
|
Cookie = { Name = "cookie-name" },
|
||||||
FormFieldName = "form-field-name",
|
FormFieldName = "form-field-name",
|
||||||
HeaderName = "header-name",
|
HeaderName = "header-name",
|
||||||
});
|
});
|
||||||
|
|
|
||||||
|
|
@ -21,9 +21,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
{
|
{
|
||||||
// Arrange
|
// Arrange
|
||||||
var httpContext = GetHttpContext(new RequestCookieCollection());
|
var httpContext = GetHttpContext(new RequestCookieCollection());
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions
|
||||||
{
|
{
|
||||||
CookieName = _cookieName
|
Cookie = { Name = _cookieName }
|
||||||
};
|
};
|
||||||
|
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
||||||
|
|
@ -40,9 +40,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
{
|
{
|
||||||
// Arrange
|
// Arrange
|
||||||
var httpContext = GetHttpContext(_cookieName, string.Empty);
|
var httpContext = GetHttpContext(_cookieName, string.Empty);
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions
|
||||||
{
|
{
|
||||||
CookieName = _cookieName
|
Cookie = { Name = _cookieName }
|
||||||
};
|
};
|
||||||
|
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
||||||
|
|
@ -61,9 +61,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var expectedToken = "valid-value";
|
var expectedToken = "valid-value";
|
||||||
var httpContext = GetHttpContext(_cookieName, expectedToken);
|
var httpContext = GetHttpContext(_cookieName, expectedToken);
|
||||||
|
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions
|
||||||
{
|
{
|
||||||
CookieName = _cookieName
|
Cookie = { Name = _cookieName }
|
||||||
};
|
};
|
||||||
|
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
||||||
|
|
@ -82,9 +82,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var httpContext = GetHttpContext(new RequestCookieCollection());
|
var httpContext = GetHttpContext(new RequestCookieCollection());
|
||||||
httpContext.Request.Form = FormCollection.Empty;
|
httpContext.Request.Form = FormCollection.Empty;
|
||||||
|
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions
|
||||||
{
|
{
|
||||||
CookieName = "cookie-name",
|
Cookie = { Name = "cookie-name" },
|
||||||
FormFieldName = "form-field-name",
|
FormFieldName = "form-field-name",
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -110,9 +110,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
}); // header value has priority.
|
}); // header value has priority.
|
||||||
httpContext.Request.Headers.Add("header-name", "header-value");
|
httpContext.Request.Headers.Add("header-name", "header-value");
|
||||||
|
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions
|
||||||
{
|
{
|
||||||
CookieName = "cookie-name",
|
Cookie = { Name = "cookie-name" },
|
||||||
FormFieldName = "form-field-name",
|
FormFieldName = "form-field-name",
|
||||||
HeaderName = "header-name",
|
HeaderName = "header-name",
|
||||||
};
|
};
|
||||||
|
|
@ -138,9 +138,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
{ "form-field-name", "form-value" },
|
{ "form-field-name", "form-value" },
|
||||||
});
|
});
|
||||||
|
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions
|
||||||
{
|
{
|
||||||
CookieName = "cookie-name",
|
Cookie = { Name = "cookie-name" },
|
||||||
FormFieldName = "form-field-name",
|
FormFieldName = "form-field-name",
|
||||||
HeaderName = "header-name",
|
HeaderName = "header-name",
|
||||||
};
|
};
|
||||||
|
|
@ -166,9 +166,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
// Will not be accessed
|
// Will not be accessed
|
||||||
httpContext.Request.Form = null;
|
httpContext.Request.Form = null;
|
||||||
|
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions
|
||||||
{
|
{
|
||||||
CookieName = "cookie-name",
|
Cookie = { Name = "cookie-name" },
|
||||||
FormFieldName = "form-field-name",
|
FormFieldName = "form-field-name",
|
||||||
HeaderName = "header-name",
|
HeaderName = "header-name",
|
||||||
};
|
};
|
||||||
|
|
@ -193,9 +193,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
// Will not be accessed
|
// Will not be accessed
|
||||||
httpContext.Request.Form = null;
|
httpContext.Request.Form = null;
|
||||||
|
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions
|
||||||
{
|
{
|
||||||
CookieName = "cookie-name",
|
Cookie = { Name = "cookie-name" },
|
||||||
FormFieldName = "form-field-name",
|
FormFieldName = "form-field-name",
|
||||||
HeaderName = "header-name",
|
HeaderName = "header-name",
|
||||||
};
|
};
|
||||||
|
|
@ -218,9 +218,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
httpContext.Request.ContentType = "application/x-www-form-urlencoded";
|
httpContext.Request.ContentType = "application/x-www-form-urlencoded";
|
||||||
httpContext.Request.Form = FormCollection.Empty;
|
httpContext.Request.Form = FormCollection.Empty;
|
||||||
|
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions
|
||||||
{
|
{
|
||||||
CookieName = "cookie-name",
|
Cookie = { Name = "cookie-name" },
|
||||||
FormFieldName = "form-field-name",
|
FormFieldName = "form-field-name",
|
||||||
HeaderName = "header-name",
|
HeaderName = "header-name",
|
||||||
};
|
};
|
||||||
|
|
@ -236,9 +236,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
}
|
}
|
||||||
|
|
||||||
[Theory]
|
[Theory]
|
||||||
[InlineData(true, true)]
|
[InlineData(CookieSecurePolicy.Always, true)]
|
||||||
[InlineData(false, null)]
|
[InlineData(CookieSecurePolicy.None, null)]
|
||||||
public void SaveCookieToken(bool requireSsl, bool? expectedCookieSecureFlag)
|
public void SaveCookieToken(CookieSecurePolicy policy, bool? expectedCookieSecureFlag)
|
||||||
{
|
{
|
||||||
// Arrange
|
// Arrange
|
||||||
var token = "serialized-value";
|
var token = "serialized-value";
|
||||||
|
|
@ -255,8 +255,11 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
|
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions()
|
||||||
{
|
{
|
||||||
CookieName = _cookieName,
|
Cookie =
|
||||||
RequireSsl = requireSsl
|
{
|
||||||
|
Name = _cookieName,
|
||||||
|
SecurePolicy = policy
|
||||||
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
||||||
|
|
@ -294,8 +297,10 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
httpContext
|
httpContext
|
||||||
.SetupGet(hc => hc.Request.Path)
|
.SetupGet(hc => hc.Request.Path)
|
||||||
.Returns("/index.html");
|
.Returns("/index.html");
|
||||||
var options = new AntiforgeryOptions();
|
var options = new AntiforgeryOptions
|
||||||
options.CookieName = _cookieName;
|
{
|
||||||
|
Cookie = { Name = _cookieName }
|
||||||
|
};
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
|
|
@ -328,9 +333,14 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
httpContext
|
httpContext
|
||||||
.SetupGet(hc => hc.Request.Path)
|
.SetupGet(hc => hc.Request.Path)
|
||||||
.Returns("/index.html");
|
.Returns("/index.html");
|
||||||
var options = new AntiforgeryOptions();
|
var options = new AntiforgeryOptions
|
||||||
options.CookieName = _cookieName;
|
{
|
||||||
options.ConfigureCookieOptions = (context, cookieOptions) => cookieOptions.Path = expectedCookiePath;
|
Cookie =
|
||||||
|
{
|
||||||
|
Name = _cookieName,
|
||||||
|
Path = expectedCookiePath
|
||||||
|
}
|
||||||
|
};
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
|
|
@ -362,9 +372,14 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
httpContext
|
httpContext
|
||||||
.SetupGet(hc => hc.Request.Path)
|
.SetupGet(hc => hc.Request.Path)
|
||||||
.Returns("/index.html");
|
.Returns("/index.html");
|
||||||
var options = new AntiforgeryOptions();
|
var options = new AntiforgeryOptions
|
||||||
options.CookieName = _cookieName;
|
{
|
||||||
options.ConfigureCookieOptions = (context, cookieOptions) => cookieOptions.Domain = expectedCookieDomain;
|
Cookie =
|
||||||
|
{
|
||||||
|
Name = _cookieName,
|
||||||
|
Domain = expectedCookieDomain
|
||||||
|
}
|
||||||
|
};
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
|
|
@ -407,10 +422,10 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
|
|
||||||
public void Append(string key, string value, CookieOptions options)
|
public void Append(string key, string value, CookieOptions options)
|
||||||
{
|
{
|
||||||
this.Key = key;
|
Key = key;
|
||||||
this.Value = value;
|
Value = value;
|
||||||
this.Options = options;
|
Options = options;
|
||||||
this.Count++;
|
Count++;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void Append(string key, string value)
|
public void Append(string key, string value)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue