Updated the DefaultAntiforgery to set the cache headers only if they aren't set yet.
Родитель
e5de4e672c
Коммит
6138087de6
|
@ -24,11 +24,11 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
private readonly ILogger<DefaultAntiforgery> _logger;
|
private readonly ILogger<DefaultAntiforgery> _logger;
|
||||||
|
|
||||||
public DefaultAntiforgery(
|
public DefaultAntiforgery(
|
||||||
IOptions<AntiforgeryOptions> antiforgeryOptionsAccessor,
|
IOptions<AntiforgeryOptions> antiforgeryOptionsAccessor,
|
||||||
IAntiforgeryTokenGenerator tokenGenerator,
|
IAntiforgeryTokenGenerator tokenGenerator,
|
||||||
IAntiforgeryTokenSerializer tokenSerializer,
|
IAntiforgeryTokenSerializer tokenSerializer,
|
||||||
IAntiforgeryTokenStore tokenStore,
|
IAntiforgeryTokenStore tokenStore,
|
||||||
ILoggerFactory loggerFactory)
|
ILoggerFactory loggerFactory)
|
||||||
{
|
{
|
||||||
_options = antiforgeryOptionsAccessor.Value;
|
_options = antiforgeryOptionsAccessor.Value;
|
||||||
_tokenGenerator = tokenGenerator;
|
_tokenGenerator = tokenGenerator;
|
||||||
|
@ -374,13 +374,28 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
/// <param name="httpContext">The <see cref="HttpContext"/>.</param>
|
/// <param name="httpContext">The <see cref="HttpContext"/>.</param>
|
||||||
protected virtual void SetDoNotCacheHeaders(HttpContext httpContext)
|
protected virtual void SetDoNotCacheHeaders(HttpContext httpContext)
|
||||||
{
|
{
|
||||||
// Since antifogery token generation is not very obvious to the end users (ex: MVC's form tag generates them
|
bool cacheHeadersChanged = SetHeaderIfNotSet(httpContext, HeaderNames.CacheControl, "no-cache, no-store");
|
||||||
// by default), log a warning to let users know of the change in behavior to any cache headers they might
|
cacheHeadersChanged |= SetHeaderIfNotSet(httpContext, HeaderNames.Pragma, "no-cache");
|
||||||
// have set explicitly.
|
|
||||||
LogCacheHeaderOverrideWarning(httpContext.Response);
|
|
||||||
|
|
||||||
httpContext.Response.Headers[HeaderNames.CacheControl] = "no-cache, no-store";
|
if (cacheHeadersChanged)
|
||||||
httpContext.Response.Headers[HeaderNames.Pragma] = "no-cache";
|
{
|
||||||
|
// Since antifogery token generation is not very obvious to the end users (ex: MVC's form tag generates them
|
||||||
|
// by default), log a warning to let users know of the change in behavior to any cache headers they might
|
||||||
|
// have set explicitly.
|
||||||
|
LogCacheHeaderOverrideWarning(httpContext.Response);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static bool SetHeaderIfNotSet(HttpContext context, string headerName, string value)
|
||||||
|
{
|
||||||
|
if (!context.Response.Headers.ContainsKey(headerName))
|
||||||
|
{
|
||||||
|
context.Response.Headers[headerName] = value;
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
private void LogCacheHeaderOverrideWarning(HttpResponse response)
|
private void LogCacheHeaderOverrideWarning(HttpResponse response)
|
||||||
|
|
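Review bot: `SetHeaderIfNotSet` keeps any `Cache-Control` or `Pragma` value that is already present without checking that it forbids caching, so a response carrying the antiforgery token or cookie can leave with a cacheable directive set earlier in the pipeline and be stored by a shared cache. If keeping caller-set headers is intended, the helper should say so, e.g. `// An existing value is kept as-is; callers that set Cache-Control themselves must ensure it forbids storing the response.`, and preferably inspect the existing value for `no-store`/`no-cache` before leaving it alone. In `SetDoNotCacheHeaders`, `if (cacheHeadersChanged)` now calls `LogCacheHeaderOverrideWarning` only when a header was absent, which is the case where nothing the user set was overridden, and the comment moved into that branch still describes the old overwrite behaviour. `ContainsKey` also treats a header that is present with an empty value as already set. The body of `LogCacheHeaderOverrideWarning` lies outside the hunk, so whether it can still fire after the values have been written cannot be confirmed from here.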