Spa Angular Template 2.0.0 and Antiforgery #234

Closed
opened 2025-08-09 17:15:31 +00:00 by fergalmoran · 0 comments
Owner

Originally created by @robfarmergt on 1/10/2018

I'm trying to test [Antiforgery](https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery) and can't seem to get it to work. It doesn't look like the cookie is being appended to the request. When using the following code:

```
app.Use(next => context =>
{
    if (
        string.Equals(context.Request.Path.Value, "/", StringComparison.OrdinalIgnoreCase) ||
        string.Equals(context.Request.Path.Value, "/index.html", StringComparison.OrdinalIgnoreCase))
    {
        // We can send the request token as a JavaScript-readable cookie, and Angular will use it by default.
        var tokens = antiforgery.GetAndStoreTokens(context);
        context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken,
            new CookieOptions() { HttpOnly = false });
    }

    return next(context);
});
```

From what I can tell the cookie should get attached to a request for either `/` or `/index.html` but it isn't.

I'm also not entirely sure how the new Spa services handle requests as it seems like `ng serve` is running a server as well as `IIS Express`.

Any help is appreciated.
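
Added example (not part of the original issue or of the JavaScriptServices project): a JavaScript model of the double-submit flow that the code comment in the post relies on. It checks whether a response's `Set-Cookie` lines expose a script-readable `XSRF-TOKEN`, and when a client following Angular's default behaviour would echo it as `X-XSRF-TOKEN`. The function names and the sample response are constructed for illustration.

```javascript
// Added illustration: models the double-submit cookie flow, not Angular's source.
const COOKIE_NAME = "XSRF-TOKEN";   // cookie name used in the snippet above
const HEADER_NAME = "X-XSRF-TOKEN"; // Angular's default header name

// Parse one Set-Cookie header value into { name, value, httpOnly }.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(";").map(s => s.trim());
  const eq = pair.indexOf("=");
  return {
    name: pair.slice(0, eq),
    value: decodeURIComponent(pair.slice(eq + 1)),
    httpOnly: attrs.some(a => a.toLowerCase() === "httponly"),
  };
}

// Return the request token that page script could read, or null when the
// cookie is missing or flagged HttpOnly (invisible to document.cookie).
function readableToken(setCookieLines) {
  const c = setCookieLines.map(parseSetCookie).find(c => c.name === COOKIE_NAME);
  return c && !c.httpOnly ? c.value : null;
}

// Headers the client adds: only for mutating requests to relative URLs,
// and only when a token was readable.
function xsrfHeaders(method, url, token) {
  const m = method.toUpperCase();
  const absolute = /^https?:\/\//i.test(url);
  if (m === "GET" || m === "HEAD" || absolute || token === null) return {};
  return { [HEADER_NAME]: token };
}

// Constructed sample: Set-Cookie lines from a response for "/".
const sampleResponse = [
  ".AspNetCore.Antiforgery.abc=cookie-token; path=/; samesite=strict; httponly",
  "XSRF-TOKEN=request-token-123; path=/",
];

const token = readableToken(sampleResponse);
console.log(xsrfHeaders("POST", "/api/items", token));
```

Feeding it the `Set-Cookie` lines captured from the browser's network tab for `/` shows whether the token cookie reached the client in a form script can read.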

Reference: github/JavaScriptServices#234