原文
https://www.freesion.com/article/6898417648/
https://www.cnblogs.com/zhesong/articles/csrfanti.html
一、调用post接口就报错400,调用get接口就没有问题
恶心死我了。。。好久没有改过abp了
二、报错的原因应该是Antiforgery的问题
Antiforgery token validation failed. The required antiforgery header value "X-XSRF-TOKEN" is not present.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery header value "X-XSRF-TOKEN" is not present.
三、临时解决方案
反正是 Antiforgery 这个的问题,我解决不了,忽略掉总可以吧,哈哈哈哈
先临时这么解决,后面有时间再仔细研究。
在控制器上添加这个属性就可以了,这样就可以忽略Antiforgery了
[IgnoreAntiforgeryToken]
四、彻底解决
1、添加过滤器
public class AngularAntiforgeryCookieResultFilter : ResultFilterAttribute
{
private IAntiforgery antiforgery;
public AngularAntiforgeryCookieResultFilter(IAntiforgery antiforgery)
{
this.antiforgery = antiforgery;
}
public override void OnResultExecuting(ResultExecutingContext context)
{
if (context.Result is ViewResult)
{
var tokens = antiforgery.GetAndStoreTokens(context.HttpContext);
context.HttpContext.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false });
}
}
}
2、Startup修改
以前
services.AddMvc(options => options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));
现在
services.AddAntiforgery(opts => opts.HeaderName = "X-XSRF-Token");
services.AddMvc(options => options.Filters.AddService(typeof(AngularAntiforgeryCookieResultFilter)));
services.AddTransient<AngularAntiforgeryCookieResultFilter>();
