.net core - 防伪异常处理
.net core - Anti-forgery Exception Handling
我正在尝试处理客户端上的防伪异常,我想向用户显示相关消息,但我从 .Net Core 服务器得到的只是 400 Bad Request 响应,所以我试图用我自己的响应覆盖它。
所以我添加了过滤器:
using Microsoft.AspNetCore.Mvc.Core.Infrastructure;
using Microsoft.AspNetCore.Mvc.Filters;
namespace Website.Filters
{
public class RedirectAntiforgeryValidationFailedResultFilter : IAlwaysRunResultFilter
{
public void OnResultExecuting(ResultExecutingContext context)
{
if (context.Result is IAntiforgeryValidationFailedResult result)
{
[overraid response]
}
}
public void OnResultExecuted(ResultExecutedContext context)
{
if (context.Result is IAntiforgeryValidationFailedResult result)
{
[overraid response]
}
}
}
}
以及 startup.cs
services.AddAntiforgery(options =>
{
options.SuppressXFrameOptionsHeader = true;
options.HeaderName = "......";
options.Cookie.Name = ".....";
options.Cookie.Path = "/";
options.Cookie.Expiration = TimeSpan.FromDays(2);
});
services.AddMvc(options =>
options.Filters.Add<RedirectAntiforgeryValidationFailedResultFilter>()
).SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
我正在使用此功能为用户设置防伪令牌
private static void SetToken(HttpContext context, IAntiforgery antiforgery)
{
var tokens = antiforgery.GetAndStoreTokens(context);
context.Response.Cookies.Append("....", tokens.RequestToken, new CookieOptions()
{
HttpOnly = false,
Secure = true,
MaxAge = TimeSpan.FromDays(2),
SameSite = SameSiteMode.Strict
});
}
我一直无法到达 [overraid response]。
您可以在下图中看到结果确实是 AntiforgeryValidationFailedResult 并且仍然无法进入条件。
当使用 [ApiController] 属性 MVC 将错误结果(状态代码为 400 或更高的结果)转换为具有 ProblemDetails 的结果。 ProblemDetails 类型基于 RFC 7807 specification for providing machine-readable error details in an HTTP response. you can read more about this here.
所以为了解决这个问题,我不得不抑制地图客户端错误。
services.AddMvc(options =>
options.Filters.Add<RedirectAntiforgeryValidationFailedResultFilter>())
.SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
.ConfigureApiBehaviorOptions(options =>
{
options.SuppressMapClientErrors = true;
});
我正在尝试处理客户端上的防伪异常,我想向用户显示相关消息,但我从 .Net Core 服务器得到的只是 400 Bad Request 响应,所以我试图用我自己的响应覆盖它。
所以我添加了过滤器:
using Microsoft.AspNetCore.Mvc.Core.Infrastructure;
using Microsoft.AspNetCore.Mvc.Filters;
namespace Website.Filters
{
public class RedirectAntiforgeryValidationFailedResultFilter : IAlwaysRunResultFilter
{
public void OnResultExecuting(ResultExecutingContext context)
{
if (context.Result is IAntiforgeryValidationFailedResult result)
{
[overraid response]
}
}
public void OnResultExecuted(ResultExecutedContext context)
{
if (context.Result is IAntiforgeryValidationFailedResult result)
{
[overraid response]
}
}
}
}
以及 startup.cs
services.AddAntiforgery(options =>
{
options.SuppressXFrameOptionsHeader = true;
options.HeaderName = "......";
options.Cookie.Name = ".....";
options.Cookie.Path = "/";
options.Cookie.Expiration = TimeSpan.FromDays(2);
});
services.AddMvc(options =>
options.Filters.Add<RedirectAntiforgeryValidationFailedResultFilter>()
).SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
我正在使用此功能为用户设置防伪令牌
private static void SetToken(HttpContext context, IAntiforgery antiforgery)
{
var tokens = antiforgery.GetAndStoreTokens(context);
context.Response.Cookies.Append("....", tokens.RequestToken, new CookieOptions()
{
HttpOnly = false,
Secure = true,
MaxAge = TimeSpan.FromDays(2),
SameSite = SameSiteMode.Strict
});
}
我一直无法到达 [overraid response]。
您可以在下图中看到结果确实是 AntiforgeryValidationFailedResult 并且仍然无法进入条件。
当使用 [ApiController] 属性 MVC 将错误结果(状态代码为 400 或更高的结果)转换为具有 ProblemDetails 的结果。 ProblemDetails 类型基于 RFC 7807 specification for providing machine-readable error details in an HTTP response. you can read more about this here.
所以为了解决这个问题,我不得不抑制地图客户端错误。
services.AddMvc(options =>
options.Filters.Add<RedirectAntiforgeryValidationFailedResultFilter>())
.SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
.ConfigureApiBehaviorOptions(options =>
{
options.SuppressMapClientErrors = true;
});