This fix changes the model for error messaging in antiforgery. Now only
the token store will report a detailed error message including the names
of form field and cookie. Other components will give more generic errors
and assume that this was handled by the token store.
This way you still see an error if the user creates a token store that
doesn't throw, but it's a generic error that doesn't give incorrect
information.
This change makes it possible to replace all of the various
IAntiforgery*** extensibility points via DI.
changes:
- Move functionality out of AntiforgeryWorker into Antiforgery
- Move services to DI (instead of constructed by Antiforgery)
- Cleanup how application/cookie-name is computed
- Merge IAntiforgeryTokenGenerator & IAntiforgeryTokenValidator
- Unseal classes
- Fix use of options in services
- Misc test cleanup
unknown
Ryan Nowak