using Microsoft.AspNetCore.Antiforgery;
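// Name of the HTTP header that carries the antiforgery request token. The same name is
// configured for validation and written on the /auth response, so it is defined once.
const string AntiforgeryHeaderName = "XSRF-TOKEN";

var builder = WebApplication.CreateBuilder(args);

// Removes all registered logging providers.
builder.Logging.ClearProviders();

// Read the request token from the header instead of the default header name.
builder.Services.AddAntiforgery(options => options.HeaderName = AntiforgeryHeaderName);

var app = builder.Build();
app.UseAntiforgery();

app.MapGet("/", () => Results.Ok("hello world!"));

// Resolves the same parameters as the antiforgery endpoints but does nothing with them.
// NOTE(review): presumably a baseline to compare the other endpoints against - confirm.
app.MapGet("/noOp", (HttpContext ctx, IAntiforgery antiforgery) => Results.Ok());

// GET https://localhost:55471/auth
// Issues a token pair: GetAndStoreTokens stores the cookie token on the response, and the
// request token is returned in the XSRF-TOKEN response header for the client to send back.
// No authentication is configured in this file, so the tokens are not tied to a signed-in user.
app.MapGet("/auth", (HttpContext ctx, IAntiforgery antiforgery) =>
{
    var tokens = antiforgery.GetAndStoreTokens(ctx);
    ctx.Response.Headers.Append(AntiforgeryHeaderName, tokens.RequestToken!);
    return Results.Ok();
});

// POST https://localhost:55471/validateToken
app.MapPost("/validateToken", async (HttpContext ctx, IAntiforgery antiforgery) =>
{
    // HttpContext is expected to have 2 headers:
    // 1) antiforgery token ("XSRF-TOKEN");
    // 2) cookie token ("Cookie") with value of `.AspNetCore.Antiforgery.<unique-sequence>=<cookie_header>`
    try
    {
        await antiforgery.ValidateRequestAsync(ctx);
    }
    catch (AntiforgeryValidationException)
    {
        // A missing or mismatched token pair is a client error. Answer 400 with no detail
        // instead of letting the exception escape the handler as an unhandled server error.
        return Results.BadRequest();
    }

    return Results.Ok();
});

await app.StartAsync();
Console.WriteLine("Application started.");
await app.WaitForShutdownAsync();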