Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DefaultAntiforgeryStateProvider state persistence doesn't work #50908

Closed
SteveSandersonMS opened this issue Sep 25, 2023 · 2 comments
Closed

DefaultAntiforgeryStateProvider state persistence doesn't work #50908

SteveSandersonMS opened this issue Sep 25, 2023 · 2 comments
Assignees
@javiercn
Labels
area-blazor Includes: Blazor, Razor Components
Milestone
8.0.0

Comments

@SteveSandersonMS
Copy link
Member

DefaultAntiforgeryStateProvider contains the following comment:

        // Automatically flow the Request token to server/wasm through
        // persistent component state. This guarantees that the antiforgery
        // token is available on the interactive components, even when they
        // don't have access to the request.

However, from what I can tell, this will never happen because the logic doesn't work. It will always persist a null value for the token. This is because the value it persists is _currentToken, but that value is never assigned except via a call to TryTakeFromJson. So nothing ever sets an initial non-null value to be persisted. If I'm missing something and this actually does work (though it didn't seem to when I tried it to validate) then sorry!

Broader thoughts:

  • Obviously this indicates some missing E2E tests
  • If neither we nor anyone else has tried to use this for its intended purpose, it suggests maybe the feature isn't required. If that's the case then instead of maintaining support for it forever, we should roll it back until we have clearer evidence that it would really be used in mainstream cases.
@SteveSandersonMS SteveSandersonMS added the area-blazor Includes: Blazor, Razor Components label Sep 25, 2023
@javiercn
Copy link
Member

Never mind, I see the issue now.

This was a fluke on my implementation.

@SteveSandersonMS SteveSandersonMS added this to the 8.0 milestone Sep 25, 2023
@SteveSandersonMS
Copy link
Member Author

Closing as duplicate of #50900

@wtgodbe wtgodbe modified the milestones: 8.0, 8.0.0 Oct 3, 2023
@ghost ghost locked as resolved and limited conversation to collaborators Nov 2, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@javiercn javiercn

Labels
area-blazor Includes: Blazor, Razor Components
Projects
None yet
Milestone
8.0.0
Development

No branches or pull requests
3 participants
@SteveSandersonMS @javiercn @wtgodbe