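400 Bad Request CSRF Angular 8, no Razor pages

Problem description

Error: 400 Bad Request.

I don't have any Razor pages such as layout.cshtml; the Angular app runs independently and the .NET Core API runs independently. There is a problem with the anti-forgery token.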

Following the instructions below did not work:

Anti forgery with token API and angular
How to validate AntiForgeryToken issued from one Application on different Application in .NetCore API?
https://www.dotnetcurry.com/aspnet/1343/aspnet-core-csrf-antiforgery-token
.net Core 2.0 web api 400 error using Validateantiforgerytoken

Tried:

    // ConfigureServices: the request token is expected in the X-XSRF-TOKEN header
    services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN");

    // Configure: "antiforgery" is an injected IAntiforgery instance
    app.Use(async (context, next) =>
    {
        string path = context.Request.Path.Value;
        if (path != null && path.ToLower().Contains("/api"))
        {
            // XSRF-TOKEN used by angular in the $http if provided
            var tokens = antiforgery.GetAndStoreTokens(context);
            context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions
            {
                // Readable by script so the Angular client can copy it into the header
                HttpOnly = false,
                Secure = false
            });
        }

        await next();
    });

The links above show the Angular application running inside layout.cshtml. Added the XSRF token to the Angular request:

    import { Injectable } from '@angular/core';
    import {
        HttpEvent, HttpHandler, HttpInterceptor, HttpRequest, HttpXsrfTokenExtractor
    } from '@angular/common/http';
    import { Observable } from 'rxjs';

    @Injectable()
    export class XsrfInterceptor implements HttpInterceptor {

        constructor(private tokenExtractor: HttpXsrfTokenExtractor) {}

        // Methods that should carry the token, and methods that never should
        private actions: string[] = ["POST", "PUT", "DELETE"];
        private forbiddenActions: string[] = ["HEAD", "OPTIONS"];

        intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
            // Reads the token from the XSRF-TOKEN cookie visible to the page
            let token = this.tokenExtractor.getToken();
            let permitted = this.findByActionName(request.method, this.actions);
            let forbidden = this.findByActionName(request.method, this.forbiddenActions);

            if (permitted !== undefined && forbidden === undefined && token !== null) {
                request = request.clone({ setHeaders: { "X-XSRF-TOKEN": token } });
            }

            return next.handle(request);
        }

        // Case-insensitive lookup; returns undefined when the method is not listed
        private findByActionName(name: string, actions: string[]): string | undefined {
            return actions.find(action => action.toLocaleLowerCase() === name.toLocaleLowerCase());
        }
    }

Request headers: [screenshot not preserved]
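To narrow down which precondition of the cookie-to-header scheme a failing request misses, the following added example (not part of the original question) inspects the headers a state-changing request actually carries. It assumes the header and cookie names from the post and ASP.NET Core's default `.AspNetCore.Antiforgery.` cookie-name prefix; the function names, finding labels and sample requests are constructed for illustration.

```typescript
// Added example: a diagnostic, not code from the original post.
type HeaderMap = { [name: string]: string | undefined };

const TOKEN_HEADER = "x-xsrf-token"; // options.HeaderName from the post, lower-cased
const JS_COOKIE = "XSRF-TOKEN";      // cookie the post's middleware appends
// Default ASP.NET Core antiforgery cookie-name prefix (assumption: Cookie.Name not overridden).
const FRAMEWORK_COOKIE_PREFIX = ".AspNetCore.Antiforgery.";
const SAFE_METHODS = ["GET", "HEAD", "OPTIONS", "TRACE"];

function parseCookieHeader(header: string | undefined): { [name: string]: string } {
  const jar: { [name: string]: string } = {};
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq <= 0) continue;
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch { /* keep the raw value */ }
    jar[part.slice(0, eq).trim()] = value;
  }
  return jar;
}

// Validation pairs the framework's cookie token with the request token sent in the header.
function diagnoseAntiforgery(method: string, headers: HeaderMap): string[] {
  if (SAFE_METHODS.indexOf(method.toUpperCase()) !== -1) return [];
  const lower: HeaderMap = {};
  for (const name of Object.keys(headers)) lower[name.toLowerCase()] = headers[name];
  const cookies = parseCookieHeader(lower["cookie"]);
  const names = Object.keys(cookies);
  const sent = lower[TOKEN_HEADER];
  const findings: string[] = [];
  if (names.length === 0) {
    findings.push("no-cookies-sent"); // e.g. cross-origin call made without credentials
  } else if (!names.some(n => n.indexOf(FRAMEWORK_COOKIE_PREFIX) === 0)) {
    findings.push("framework-cookie-missing");
  }
  if (sent === undefined || sent === "") {
    findings.push("token-header-missing");
  } else if (cookies[JS_COOKIE] !== undefined && cookies[JS_COOKIE] !== sent) {
    findings.push("header-differs-from-js-cookie"); // stale token copied into the header
  }
  return findings;
}

// Constructed sample requests; token values are placeholders.
const SAMPLE_OK: HeaderMap = {
  "Cookie": ".AspNetCore.Antiforgery.EXAMPLE=cookie-token; XSRF-TOKEN=request-token",
  "X-XSRF-TOKEN": "request-token",
};
const SAMPLE_NO_CREDENTIALS: HeaderMap = { "X-XSRF-TOKEN": "request-token" };
```

An empty result means the request carries everything the scheme needs on the wire; the server can still reject it if the two tokens were not issued together.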
