如何解决400错误的请求CSRF Angular 8,没有剃须刀页面
错误:400错误的请求。
我没有诸如layout.cshtml之类的剃须刀页面,Angular应用独立运行,.net核心api独立运行。防伪令牌出现问题。
按照以下说明进行操作均无效。 Anti forgery with token API and angular
How to validate AntiForgeryToken issued from one Application on different Application in .NetCore API? https://www.dotnetcurry.com/aspnet/1343/aspnet-core-csrf-antiforgery-token .net Core 2.0 web api 400 error using Validateantiforgerytoken
尝试:
services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN");
app.Use(async (context,next) =>
{
string path = context.Request.Path.Value;
if (path != null && path.ToLower().Contains("/api"))
{
// XSRF-TOKEN used by angular in the $http if provided
var tokens = antiforgery.GetAndStoreTokens(context);
context.Response.Cookies.Append("XSRF-TOKEN",tokens.RequestToken,new CookieOptions
{
HttpOnly = false,Secure = false
}
); ;
}
await next();
});
以上链接仅显示在layout.cshtml中运行的角度应用程序。 在角度请求中添加了XSRF令牌
@Injectable()
export class XsrfInterceptor implements HttpInterceptor {
constructor(private tokenExtractor: HttpXsrfTokenExtractor) {}
private actions: string[] = ["POST","PUT","DELETE"];
private forbiddenActions: string[] = ["HEAD","OPTIONS"];
intercept(request: HttpRequest<any>,next: HttpHandler): Observable<HttpEvent<any>> {
let token = this.tokenExtractor.getToken();
let permitted = this.findByActionName(request.method,this.actions);
let forbidden = this.findByActionName(request.method,this.forbiddenActions);;
if (permitted !== undefined && forbidden === undefined && token !== null) {
request = request.clone({ setHeaders: { "X-XSRF-TOKEN": token } });
}
return next.handle(request);
}
private findByActionName(name: string,actions: string[]): string {
return actions.find(action => action.toLocaleLowerCase() === name.toLocaleLowerCase());
}
}
请求标头
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。