Merge branch 'rel/2.0.0-preview2' into dev
Коммит
a242c4b0f0
|
@ -47,18 +47,30 @@ namespace Microsoft.AspNetCore.Antiforgery
|
|||
}
|
||||
|
||||
/// <summary>
|
||||
/// This is obsolete and will be removed in a future version.
|
||||
/// The recommended alternative is to use ConfigureCookieOptions.
|
||||
/// The path set on the cookie. If set to <c>null</c>, the "path" attribute on the cookie is set to the current
|
||||
/// request's <see cref="HttpRequest.PathBase"/> value. If the value of <see cref="HttpRequest.PathBase"/> is
|
||||
/// <c>null</c> or empty, then the "path" attribute is set to the value of <see cref="CookieOptions.Path"/>.
|
||||
/// </summary>
|
||||
[Obsolete("This is obsolete and will be removed in a future version. The recommended alternative is to use ConfigureCookieOptions.")]
|
||||
public PathString? CookiePath { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// The domain set on the cookie. By default its <c>null</c> which results in the "domain" attribute not being
|
||||
/// set.
|
||||
/// This is obsolete and will be removed in a future version.
|
||||
/// The recommended alternative is to use ConfigureCookieOptions.
|
||||
/// The domain set on the cookie. By default its <c>null</c> which results in the "domain" attribute not being set.
|
||||
/// </summary>
|
||||
[Obsolete("This is obsolete and will be removed in a future version. The recommended alternative is to use ConfigureCookieOptions.")]
|
||||
public string CookieDomain { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Configures the <see cref="CookieOptions"/> of the antiforgery cookies. Without additional configuration, the
|
||||
/// default values antiforgery cookie options are true for <see cref="CookieOptions.HttpOnly"/>, null for
|
||||
/// <see cref="CookieOptions.Domain"/> and <see cref="SameSiteMode.Strict"/> for <see cref="CookieOptions.SameSite"/>.
|
||||
/// </summary>
|
||||
public Action<HttpContext, CookieOptions> ConfigureCookieOptions { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Specifies the name of the antiforgery token field that is used by the antiforgery system.
|
||||
/// </summary>
|
||||
|
|
|
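Review bot: The new summary on `ConfigureCookieOptions` lists defaults only for HttpOnly, Domain and SameSite, and does not say how the delegate interacts with `RequireSsl`, `CookiePath` and `CookieDomain`. Judging by the token-store change in this commit, the delegate runs after those values are applied, so anything it assigns to `Secure`, `HttpOnly` or `SameSite` replaces the protective defaults. I would add a sentence such as `/// The delegate is invoked for each cookie write after the defaults are applied; values it assigns replace them, including <see cref="CookieOptions.Secure"/>.` The obsolescence sentences on `CookiePath` and `CookieDomain` also share one `<summary>` paragraph with the property description; moving them to `<remarks>` or a `<para>` would keep the rendered text readable. The phrase "the default values antiforgery cookie options are" is missing "of the".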
@ -69,34 +69,34 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
Debug.Assert(httpContext != null);
|
||||
Debug.Assert(token != null);
|
||||
|
||||
var options = new CookieOptions();
|
||||
options.HttpOnly = true;
|
||||
options.Domain = _options.CookieDomain;
|
||||
// Note: don't use "newCookie.Secure = _options.RequireSSL;" since the default
|
||||
// value of newCookie.Secure is populated out of band.
|
||||
if (_options.RequireSsl)
|
||||
var options = new CookieOptions
|
||||
{
|
||||
options.Secure = true;
|
||||
}
|
||||
SetCookiePath(httpContext, options);
|
||||
HttpOnly = true,
|
||||
#pragma warning disable 618
|
||||
Domain = _options.CookieDomain,
|
||||
#pragma warning restore 618
|
||||
SameSite = SameSiteMode.Strict,
|
||||
Secure = _options.RequireSsl
|
||||
};
|
||||
|
||||
httpContext.Response.Cookies.Append(_options.CookieName, token, options);
|
||||
}
|
||||
|
||||
private void SetCookiePath(HttpContext httpContext, CookieOptions cookieOptions)
|
||||
{
|
||||
#pragma warning disable 618
|
||||
if (_options.CookiePath != null)
|
||||
{
|
||||
cookieOptions.Path = _options.CookiePath.ToString();
|
||||
options.Path = _options.CookiePath.ToString();
|
||||
}
|
||||
#pragma warning restore 618
|
||||
else
|
||||
{
|
||||
var pathBase = httpContext.Request.PathBase.ToString();
|
||||
if (!string.IsNullOrEmpty(pathBase))
|
||||
{
|
||||
cookieOptions.Path = pathBase;
|
||||
options.Path = pathBase;
|
||||
}
|
||||
}
|
||||
|
||||
_options.ConfigureCookieOptions?.Invoke(httpContext, options);
|
||||
|
||||
httpContext.Response.Cookies.Append(_options.CookieName, token, options);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
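Review bot: `_options.ConfigureCookieOptions?.Invoke(httpContext, options);` is the last step before `Cookies.Append`, so a callback can leave `Secure` false (or clear `HttpOnly`, or relax `SameSite`) even when `RequireSsl` is true. If `RequireSsl` is meant to be a guarantee, re-assert it after the callback with `if (_options.RequireSsl) { options.Secure = true; }`; if the callback is meant to have the final say, put a comment on that line saying so. The earlier comment that warned against assigning `Secure` directly from `RequireSsl` appears to have been dropped while the initializer now does exactly that, so a short comment on why the assignment is now safe would help the next reader. The method's signature sits above the hunk, so I cannot see how `token` and `httpContext` reach this code.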
@ -311,7 +311,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
}
|
||||
|
||||
[Fact]
|
||||
public void SaveCookieToken_NonNullAntiforgeryOptionsCookiePath_UsesOptionsCookiePath()
|
||||
public void SaveCookieToken_NonNullAntiforgeryOptionsConfigureCookieOptionsPath_UsesCookieOptionsPath()
|
||||
{
|
||||
// Arrange
|
||||
var expectedCookiePath = "/";
|
||||
|
@ -330,7 +330,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
.Returns("/index.html");
|
||||
var options = new AntiforgeryOptions();
|
||||
options.CookieName = _cookieName;
|
||||
options.CookiePath = expectedCookiePath;
|
||||
options.ConfigureCookieOptions = (context, cookieOptions) => cookieOptions.Path = expectedCookiePath;
|
||||
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
||||
|
||||
// Act
|
||||
|
@ -346,7 +346,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
}
|
||||
|
||||
[Fact]
|
||||
public void SaveCookieToken_NonNullAntiforgeryOptionsCookieDomain_UsesOptionsCookieDomain()
|
||||
public void SaveCookieToken_NonNullAntiforgeryOptionsConfigureCookieOptionsDomain_UsesCookieOptionsDomain()
|
||||
{
|
||||
// Arrange
|
||||
var expectedCookieDomain = "microsoft.com";
|
||||
|
@ -364,7 +364,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
|||
.Returns("/index.html");
|
||||
var options = new AntiforgeryOptions();
|
||||
options.CookieName = _cookieName;
|
||||
options.CookieDomain = expectedCookieDomain;
|
||||
options.ConfigureCookieOptions = (context, cookieOptions) => cookieOptions.Domain = expectedCookieDomain;
|
||||
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
||||
|
||||
// Act
|
||||
|
|
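Review bot: The two renamed tests now set only `ConfigureCookieOptions`, so as far as these hunks show nothing covers the obsolete `CookiePath` and `CookieDomain` properties, which the store still honours. Nothing covers the precedence between those properties and the callback either. I would keep one test per obsolete property under `#pragma warning disable 618`, and add one that sets both `CookiePath` and a callback path and asserts which wins. A further test with `RequireSsl = true` and a callback should assert the `Secure`, `HttpOnly` and `SameSite` values of the appended cookie, since those are the attributes that protect the antiforgery cookie. The Act and Assert parts of these tests lie outside the hunks, so some of these assertions may already exist.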