服务器无法在使用 AntiForgeryToken 发送 HTTP header 后附加 header
Server cannot append header after HTTP headers have been sent with AntiForgeryToken
我正在使用 C# 和 Twitter Bootstrap 构建我的第一个网站,我在 Post 中遇到 "Server cannot append header after HTTP headers have been sent" 错误,同时发现验证问题和 TempData["ErrorMessage"]
需要在return View(model)
之后显示。具体错误发生在 html 行 @Html.AntiForgeryToken()
。如果消息已设置并 returned 到验证之外的视图,则不会发生错误。
我已经尝试过:将 return View(model)
更改为 RedirectToAction ("Action", new { id = model.id })
和 Redirect ("/Controller/Action/" + model.id.ToString())
,如果该行在验证之外,这会起作用,但在条件验证之内会失败;在 Application_start
中将 AntiForgeryConfig.SuppressXFrameOptionsHeader
设置为 true;并在设置 TempData 和 returning 到视图之前调用 HttpContext.Response.Clear()
。我还没有尝试过操纵 cookie,因为我不确定如何具体处理 anti-forgery 令牌。
我想要做的只是 return 在页面上显示 error/validation 消息而不是 pop-up 消息框的视图,以及 none上述方法奏效了。有谁知道为什么这个目标在验证之外起作用但在验证内部不起作用?非常感谢!
//Any return and message works correctly if done here
try
{
//Various other validations using values pulled from database
if (model.NewString.Length > 50 || model.NewString.Length < 7)
{
//This throws the error
TempData["ErrorMessage"] = "Please enter a value of valid length.";
return View(model);
}
}
catch
{
TempData["ErrorMessage"] = "There has been an error.";
return RedirectToAction("Index");
}
编辑: 这是 Amit 要求的操作 as-is。
[HttpPost]
[ValidateAntiForgeryToken]
[Authorize (Roles = "Administrator, Owner, Director, Manager")]
[RequireSsl]
public ActionResult CreateCustomer (CreateCustomerModel model)
{
dbEntities db = new dbEntities();
var CurrentBusinessID = 0;
var CurrentPosition = "";
var CurrentUserID = 0;
try
{
if (Session["CurrentUserID"] != null)
{
CurrentUserID = (int)Session["CurrentUserID"];
CurrentBusinessID = (int)Session["CurrentBusinessInfoID"];
CurrentPosition = (string)Session["CurrentPosition"];
}
else
{
Response.Redirect("/Account/Logon");
}
}
catch (Exception ex)
{
Console.WriteLine(ex);
Response.Redirect("/Account/Logon");
}
try
{
var account = db.uspGetAccount(model.AccountID).FirstOrDefault();
AccountsModel thisAccount = new AccountsModel()
{
AccountID = model.AccountID,
BusinessID = account.BusinessID
};
if (thisAccount.BusinessID != CurrentBusinessID)
{
Response.Redirect("/Home/Dashboard");
}
if (model.Name == null || model.Name == "")
{
TempData["ErrorMessage"] = "Please enter a name.";
return View(model);
}
if (model.NewString.Length > 50 || model.NewString.Length < 7)
{
//This throws the error
TempData["ErrorMessage"] = "Please enter a value of valid length.";
return View(model);
}
db.AddCustomer(model.Name, model.NewString);
}
catch
{
TempData["ErrorMessage"] = "There has been an error.";
return RedirectToAction("Index");
}
return RedirectToAction("Accounts");
}
此问题已通过在包含验证的 try
语句中更改 if
语句中的 Reponse.Redirect("/Home/Dashboard")
得到解决。将此行更改为 return RedirectToAction("Accounts")
解决了问题,但我不确定为什么。
if (thisAccount.BusinessID != CurrentBusinessID)
{
Response.Redirect("/Home/Dashboard");//Solve the problem by replacing this
}
我正在使用 C# 和 Twitter Bootstrap 构建我的第一个网站,我在 Post 中遇到 "Server cannot append header after HTTP headers have been sent" 错误,同时发现验证问题和 TempData["ErrorMessage"]
需要在return View(model)
之后显示。具体错误发生在 html 行 @Html.AntiForgeryToken()
。如果消息已设置并 returned 到验证之外的视图,则不会发生错误。
我已经尝试过:将 return View(model)
更改为 RedirectToAction ("Action", new { id = model.id })
和 Redirect ("/Controller/Action/" + model.id.ToString())
,如果该行在验证之外,这会起作用,但在条件验证之内会失败;在 Application_start
中将 AntiForgeryConfig.SuppressXFrameOptionsHeader
设置为 true;并在设置 TempData 和 returning 到视图之前调用 HttpContext.Response.Clear()
。我还没有尝试过操纵 cookie,因为我不确定如何具体处理 anti-forgery 令牌。
我想要做的只是 return 在页面上显示 error/validation 消息而不是 pop-up 消息框的视图,以及 none上述方法奏效了。有谁知道为什么这个目标在验证之外起作用但在验证内部不起作用?非常感谢!
//Any return and message works correctly if done here
try
{
//Various other validations using values pulled from database
if (model.NewString.Length > 50 || model.NewString.Length < 7)
{
//This throws the error
TempData["ErrorMessage"] = "Please enter a value of valid length.";
return View(model);
}
}
catch
{
TempData["ErrorMessage"] = "There has been an error.";
return RedirectToAction("Index");
}
编辑: 这是 Amit 要求的操作 as-is。
[HttpPost]
[ValidateAntiForgeryToken]
[Authorize (Roles = "Administrator, Owner, Director, Manager")]
[RequireSsl]
public ActionResult CreateCustomer (CreateCustomerModel model)
{
dbEntities db = new dbEntities();
var CurrentBusinessID = 0;
var CurrentPosition = "";
var CurrentUserID = 0;
try
{
if (Session["CurrentUserID"] != null)
{
CurrentUserID = (int)Session["CurrentUserID"];
CurrentBusinessID = (int)Session["CurrentBusinessInfoID"];
CurrentPosition = (string)Session["CurrentPosition"];
}
else
{
Response.Redirect("/Account/Logon");
}
}
catch (Exception ex)
{
Console.WriteLine(ex);
Response.Redirect("/Account/Logon");
}
try
{
var account = db.uspGetAccount(model.AccountID).FirstOrDefault();
AccountsModel thisAccount = new AccountsModel()
{
AccountID = model.AccountID,
BusinessID = account.BusinessID
};
if (thisAccount.BusinessID != CurrentBusinessID)
{
Response.Redirect("/Home/Dashboard");
}
if (model.Name == null || model.Name == "")
{
TempData["ErrorMessage"] = "Please enter a name.";
return View(model);
}
if (model.NewString.Length > 50 || model.NewString.Length < 7)
{
//This throws the error
TempData["ErrorMessage"] = "Please enter a value of valid length.";
return View(model);
}
db.AddCustomer(model.Name, model.NewString);
}
catch
{
TempData["ErrorMessage"] = "There has been an error.";
return RedirectToAction("Index");
}
return RedirectToAction("Accounts");
}
此问题已通过在包含验证的 try
语句中更改 if
语句中的 Reponse.Redirect("/Home/Dashboard")
得到解决。将此行更改为 return RedirectToAction("Accounts")
解决了问题,但我不确定为什么。
if (thisAccount.BusinessID != CurrentBusinessID)
{
Response.Redirect("/Home/Dashboard");//Solve the problem by replacing this
}