Merge pull request #1693 from sbwalker/dev

fix #1691 - AntiForgeryToken header not being set during startup
oqtane · Sep 27, 2021 · 30fb6fd · 30fb6fd
2 parents 023f294 + 4bfb5d9
commit 30fb6fd
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 5 deletions.
diff --git a/Oqtane.Client/App.razor b/Oqtane.Client/App.razor
@@ -47,11 +47,13 @@
 
     protected override async Task OnParametersSetAsync()
     {
+        SiteState.AntiForgeryToken = AntiForgeryToken;
+        InstallationService.SetAntiForgeryTokenHeader(AntiForgeryToken);
+
         _installation = await InstallationService.IsInstalled();
         if (_installation.Alias != null)
         {
             SiteState.Alias = _installation.Alias;
-            SiteState.AntiForgeryToken = AntiForgeryToken;
         }
         else
         {
@@ -68,8 +70,10 @@
             {
                 // parameter values are not set when running on WebAssembly (seems to be a .NET 5 bug) - need to retrieve using JSInterop
                 var interop = new Interop(JSRuntime);
-                AntiForgeryToken = await interop.GetElementByName(Constants.RequestVerificationToken);
-                SiteState.AntiForgeryToken = AntiForgeryToken;
+
+                SiteState.AntiForgeryToken = await interop.GetElementByName(Constants.RequestVerificationToken);
+                InstallationService.SetAntiForgeryTokenHeader(SiteState.AntiForgeryToken);
+
                 Runtime = await interop.GetElementByName("app_runtime");
                 RenderMode = await interop.GetElementByName("app_rendermode");
             }

diff --git a/Oqtane.Client/Services/InstallationService.cs b/Oqtane.Client/Services/InstallationService.cs
@@ -25,8 +25,6 @@ public InstallationService(HttpClient http, NavigationManager navigationManager,
 
         public async Task<Installation> IsInstalled()
         {
-            // add antiforgerytoken header so that it is included on all HttpClient calls for the lifetime of the app
-            AddRequestHeader(Constants.AntiForgeryTokenHeaderName, _siteState.AntiForgeryToken);
             var path = new Uri(_navigationManager.Uri).LocalPath.Substring(1);            
             return await GetJsonAsync<Installation>($"{ApiUrl}/installed/?path={WebUtility.UrlEncode(path)}");
         }
@@ -50,5 +48,14 @@ public async Task RegisterAsync(string email)
         {
             await PostJsonAsync($"{ApiUrl}/register?email={WebUtility.UrlEncode(email)}", true);
         }
+
+        public void SetAntiForgeryTokenHeader(string antiforgerytokenvalue)
+        {
+            if (!string.IsNullOrEmpty(antiforgerytokenvalue))
+            {
+                AddRequestHeader(Constants.AntiForgeryTokenHeaderName, antiforgerytokenvalue);
+            }
+        }
+
     }
 }
diff --git a/Oqtane.Client/Services/Interfaces/IInstallationService.cs b/Oqtane.Client/Services/Interfaces/IInstallationService.cs
@@ -41,5 +41,11 @@ public interface IInstallationService
         /// <param name="email">Email of the user to be registered</param>
         /// <returns></returns>
         Task RegisterAsync(string email);
+
+        /// <summary>
+        /// Sets the antiforgerytoken header so that it is included on all HttpClient calls for the lifetime of the app 
+        /// </summary>
+        /// <returns></returns>
+        void SetAntiForgeryTokenHeader(string antiforgerytokenvalue);
     }
 }