原文
https://www.freesion.com/article/6898417648/
https://www.cnblogs.com/zhesong/articles/csrfanti.html
一、調用post接口就報錯400,調用get接口就沒有問題
惡心死我了。。。好久沒有改過abp了
二、報錯的原因應該是Antiforgery的問題
Antiforgery token validation failed. The required antiforgery header value "X-XSRF-TOKEN" is not present.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery header value "X-XSRF-TOKEN" is not present.
三、臨時解決方案
反正是 Antiforgery 這個的問題,我解決不了,忽略掉總可以吧,哈哈哈哈
先臨時這么解決,后面有時間再仔細研究。
在控制器上添加這個屬性就可以了,這樣就可以忽略Antiforgery了
[IgnoreAntiforgeryToken]
四、徹底解決
1、添加過濾器
public class AngularAntiforgeryCookieResultFilter : ResultFilterAttribute
{
private IAntiforgery antiforgery;
public AngularAntiforgeryCookieResultFilter(IAntiforgery antiforgery)
{
this.antiforgery = antiforgery;
}
public override void OnResultExecuting(ResultExecutingContext context)
{
if (context.Result is ViewResult)
{
var tokens = antiforgery.GetAndStoreTokens(context.HttpContext);
context.HttpContext.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false });
}
}
}
2、Startup修改
以前
services.AddMvc(options => options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));
現在
services.AddAntiforgery(opts => opts.HeaderName = "X-XSRF-Token");
services.AddMvc(options => options.Filters.AddService(typeof(AngularAntiforgeryCookieResultFilter)));
services.AddTransient<AngularAntiforgeryCookieResultFilter>();
