huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
256 Commits 1 Branch 0 Tags 251 MiB
Commit Graph

66 Commits

Author SHA1 Message Date
Nate McMaster df41fd8ccc Replace the ConfigureCookieOptions action property with the CookieBuilder 2017-06-30 15:18:40 -07:00
N. Taylor Mullen bdf115a5ff Make SHA256 algorithm creation FIPS compliant. 
#144
 2017-06-08 10:19:33 -07:00
John Luo 5870fce035 Add configure delegate for CookieOptions 
- allows configuration of CookieOptions such as SameSite without explicit duplication of the option on AntiforgeryOptions
 2017-06-02 14:35:22 -07:00
Chris R f258be61fd React to parser StringSegment changes 2017-05-18 21:57:13 -07:00
Nate McMaster 74239f08c0 Update TFM to netstandard2.0 2017-05-18 16:09:19 -07:00
Pranav K 6986ab3a0f Change TFM to netcoreapp2.0 2017-05-05 10:33:07 -07:00
Smit Patel bb916af873 Update API Check related files 
React to aspnet/BuildTools#238
 2017-04-25 08:17:44 -07:00
Pranav K c3d312b0b0 Remove net451 as a cross-compile target 2017-03-23 10:32:42 -07:00
Nate McMaster ce6c832465 Unify dependency version to one file 2017-03-15 11:39:16 -07:00
Juan Naputi 1c9a4f5705 Fixed typo in IAntiforgery file 2017-03-07 10:31:23 -08:00
Nate McMaster aeab73f9f6 Upgrade to VS 2017 2017-01-30 14:21:37 -08:00
Kiran Challa cd4afdc083 [Fixes #116] Set 'no-store' also in Cache-Conrol header 2017-01-26 12:56:15 -08:00
Pranav K 5cb5178619 Updating to 4.4 CoreFx packages 2016-12-14 14:47:26 -08:00
Pranav K 687be28875 Updating versions to 1.2.0-* 2016-11-09 14:12:21 -08:00
Kiran Challa 2fcb187d7d Use request PathBase value to set cookie path only if it has a non-null & non-empty value 2016-11-09 04:27:35 -08:00
Kiran Challa a5c0e505c1 Fix cookie from being set to empty pathbase 
Found with issue: https://github.com/aspnet/Mvc/issues/5512
 2016-11-08 12:25:18 -08:00
jacalvar 968ea59ce4 Created public API baselines 2016-11-04 10:37:10 -07:00
Kiran Challa 3fc090e2fe [Fixes #105] Disable caching when response uses antiforgery 2016-11-02 16:16:06 -07:00
Kiran Challa 08cb67b7e4 [Fixes #104] Expose cookie options via Antiforgery options 2016-11-02 11:03:23 -07:00
chris2093 72bc9c0f2c Update DefaultAntiforgeryTokenStore.cs (#106) 
Corrected comment typo
 2016-10-19 07:54:52 -07:00
Pranav K fb8795e247 Updating partner package versions 2016-09-28 11:49:26 -07:00
Kiran Challa ad90db343c [Fixes #101] Cookie path is always / in IIS 2016-09-13 13:58:02 -07:00
N. Taylor Mullen 55595d8a64 Merge branch 'rel/1.0.1' into dev 2016-08-17 14:41:58 -07:00
N. Taylor Mullen cdf84eb87e Change SHA256 algorithm to work on FIPS-compliant machines. 
#95
 2016-08-17 12:33:02 -07:00
N. Taylor Mullen a44275b732 Update projects to 1.0.1. 2016-08-17 12:24:20 -07:00
Doug Bunting e9f26ec4b6 One build to rule them all 
- well, at least VS and command-line builds will share output
- part of aspnet/Coherence-Signed#277
 2016-07-06 21:43:13 -07:00
Pranav K 646cb6ea21 Updating json files to pin versions and build files to pin KoreBuild 2016-06-27 13:51:09 -07:00
Pranav K dad4522ef3 Updating to dev versions 2016-06-16 10:39:00 -07:00
N. Taylor Mullen 54d9860eea Rename `ServiceCollectionExtensions` to `AntiforgeryServiceCollectionExtensions`. 
#84
 2016-05-26 10:06:26 -07:00
Kiran Challa 3595452af7 Change priority for request token source lookup. Header token now takes priority over form field token. 2016-05-18 17:03:20 -07:00
Pranav K f65c3db6ef Merge branch 'release' into dev 2016-05-02 14:55:20 -07:00
Pranav K 05602d36db Fix build warnings 2016-05-02 11:27:05 -07:00
Ryan Brandenburg eabe83a72d Prevent null-ref and log exceptions form Serializer 2016-04-18 15:55:27 -07:00
Ryan Brandenburg fd81151d31 Preserve X-Frame-Options if it was already set 2016-04-18 14:27:06 -07:00
Pranav K 04a4772fe5 Removing imports from src projects 2016-04-08 06:49:20 -07:00
Ryan Nowak 37c8f5de70 Revert "Add antiforgery middleware" 
This reverts commit 4629148519.
 2016-04-01 09:10:33 -07:00
Doug Bunting 65a2b8d25b React to HttpAbstractions namespace changes 
- aspnet/HttpAbstractions#549 and aspnet/HttpAbstractions#592
- clean up `using`s
 2016-03-30 16:13:12 -07:00
jacalvar 0bc42a9b21 Return IServiceCollection from AddAntiforgery extension methods 2016-03-28 14:59:24 -07:00
Doug Bunting 0c81df8591 An `ObjectPoolProvider` is always registered 
- react to aspnet/Hosting/pull#673
 2016-03-25 11:19:23 -07:00
ryanbrandenburg 94cefde3ec Make IAntiforgeryContextAccessor a Feature 2016-03-23 14:35:26 -07:00
Pranav K 162cb428cc Fixing CI build failure 
Removing unused npm references
 2016-03-12 09:45:03 -08:00
Eilon Lipton 1d78d51cb1 Fix package metadata 2016-03-06 21:07:21 -08:00
John Luo 91b955e080 Update cookie name 2016-03-03 22:48:13 -08:00
Ajay Bhargav Baaskaran 91f44549ac Added Company, Copyright and Product attributes to AssemblyInfo 2016-03-03 17:33:26 -08:00
Doug Bunting 260f1b7db9 Remove project name from output path 
- aspnet/Coherence-Signed#187
- remove `<RootNamespace>` settings but maintain other unique aspects e.g. `<DnxInvisibleContent ... />`
- in a few cases, standardize on VS version `14.0` and not something more specific
 2016-03-02 15:21:47 -08:00
N. Taylor Mullen f9b9dcd79b Transition to netstandard. 
- dotnet5.X => netstandard1.y (where y = x-1).
- DNXCore50 => netstandardapp1.5.
- Applied the same changes to ifdefs.
 2016-03-01 13:36:35 -08:00
jacalvar aa8fd48c64 Updated antiforgery ServiceCollectionExtensions 2016-02-26 16:13:10 -08:00
Ryan Nowak 4629148519 [Design] Add antiforgery middleware 
This new middleware participates in authentication and acts as a filter
when the request doesn't include a valid CSRF token for a POST.

Any authentication middleware that you want to validate an antiforgery
token should go ahead of this middleware in the pipeline (Cookies,
IISIntegration). This also takes care of automatic auth (Windows) done by
weblistener.

Any authentication middleware that you want to ignore antiforgery should
go after this middleware in the pipeline.

To facilitate this, there are a few changes in the antiforgery API
surface. Namely we can now pass in a principal to validate tokens. You
can't pass in a principal to generate tokens - we expect you to be logged
in at that poing. Also, ValidateRequestAsync(...) now checks the HTTP verb
and won't validate GETs and such.
 2016-02-24 15:04:09 -08:00
Doug Bunting 478edc1735 Pool `char`s used for base64url-encoding and -decoding 
- #23 part 4
- depends on aspnet/HttpAbstractions@8c120a0

nits:
- correct name of a field in `AntiforgerySerializationContext`
- avoid allocations when returning an `AntiforgerySerializationContext` in (unlikely) case `Stream` is unused
- name literal `int` parameters
 2016-02-17 23:17:15 -08:00
Ajay Bhargav Baaskaran c2f4bd0be5 Enabled xml doc generation 2016-02-17 12:12:44 -08:00