Use request PathBase value to set cookie path only if it has a non-null & non-empty value
Родитель
a5c0e505c1
Коммит
2fcb187d7d
|
@ -47,8 +47,9 @@ namespace Microsoft.AspNetCore.Antiforgery
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The path set on the cookie. If it's <c>null</c>, the "path" attribute on the cookie is set to current
|
/// The path set on the cookie. If set to <c>null</c>, the "path" attribute on the cookie is set to the current
|
||||||
/// request's <see cref="HttpRequest.PathBase"/> value.
|
/// request's <see cref="HttpRequest.PathBase"/> value. If the value of <see cref="HttpRequest.PathBase"/> is
|
||||||
|
/// <c>null</c> or empty, then the "path" attribute is set to the value of <see cref="CookieOptions.Path"/>.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public PathString? CookiePath { get; set; }
|
public PathString? CookiePath { get; set; }
|
||||||
|
|
||||||
|
|
|
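Review bot: The new summary on `CookiePath` names `CookieOptions.Path` as the final fallback without saying what that resolves to, so the cookie's scope cannot be read from this comment alone. `CookieOptions` initialises `Path` to "/", so when `CookiePath` is null and `PathBase` is empty the antiforgery cookie is sent on every path of the host. I would end the added sentence with `(which defaults to "/", i.e. the whole host)`.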
@ -71,7 +71,6 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
|
|
||||||
var options = new CookieOptions();
|
var options = new CookieOptions();
|
||||||
options.HttpOnly = true;
|
options.HttpOnly = true;
|
||||||
options.Path = _options.CookiePath ?? GetPathBase(httpContext);
|
|
||||||
options.Domain = _options.CookieDomain;
|
options.Domain = _options.CookieDomain;
|
||||||
// Note: don't use "newCookie.Secure = _options.RequireSSL;" since the default
|
// Note: don't use "newCookie.Secure = _options.RequireSSL;" since the default
|
||||||
// value of newCookie.Secure is populated out of band.
|
// value of newCookie.Secure is populated out of band.
|
||||||
|
@ -79,18 +78,25 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
{
|
{
|
||||||
options.Secure = true;
|
options.Secure = true;
|
||||||
}
|
}
|
||||||
|
SetCookiePath(httpContext, options);
|
||||||
|
|
||||||
httpContext.Response.Cookies.Append(_options.CookieName, token, options);
|
httpContext.Response.Cookies.Append(_options.CookieName, token, options);
|
||||||
}
|
}
|
||||||
|
|
||||||
private string GetPathBase(HttpContext httpContext)
|
private void SetCookiePath(HttpContext httpContext, CookieOptions cookieOptions)
|
||||||
{
|
{
|
||||||
var pathBase = httpContext.Request.PathBase.ToString();
|
if (_options.CookiePath != null)
|
||||||
if (string.IsNullOrEmpty(pathBase))
|
|
||||||
{
|
{
|
||||||
pathBase = "/";
|
cookieOptions.Path = _options.CookiePath.ToString();
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
var pathBase = httpContext.Request.PathBase.ToString();
|
||||||
|
if (!string.IsNullOrEmpty(pathBase))
|
||||||
|
{
|
||||||
|
cookieOptions.Path = pathBase;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return pathBase;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
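Review bot: `SetCookiePath` tests only `_options.CookiePath != null`, so a configured but empty `PathString` (for example `PathString.Empty`) still takes the first branch and assigns `cookieOptions.Path = ""`, replacing the default path; the non-empty check this commit adds covers only `PathBase`. With an empty path the browser presumably falls back to a default path derived from the request URL, so the antiforgery cookie's scope would vary with the page that issued it. If an empty `CookiePath` is meant to behave like an unset one, the guard could read `if (_options.CookiePath?.HasValue == true)`. The calling method starts above this hunk, so whether `options.Path` is assigned anywhere else is not visible here.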