hi
If the cookie contains this token, the request header must include it.
Also, recommended to use HTTPS instead of HTTP.
hi
POST /auth/api/account/profile-picture HTTP/1.1
RequestVerificationToken: abcdefg
Cookie: XSRF-TOKEN=abcdefg
You can check your cookies. There should be an XSRF-TOKEN cookie.
The angular team has fixed a problem with XSRF
see https://github.com/abpframework/abp/pull/21595
hi yasin.hallak.89@gmail.com
Your ticket has been refunded.
Thanks.
hi
The required antiforgery request token was not provided in either form field "__RequestVerificationToken" or header value "RequestVerificationToken".
abp.ajax will set RequestVerificationToken to request header, it value read from cookies(XSRF-TOKEN).
https://github.com/abpframework/abp/blob/dev/npm/packs/jquery/src/abp.jquery.js#L254-L263
Is your api call has set this header?
Thanks.
hi LiSong
The services and repositories are registered to the dependency injection system by convention.
See https://abp.io/docs/latest/framework/fundamentals/dependency-injection#inherently-registered-types https://abp.io/docs/latest/framework/fundamentals/dependency-injection#dependency-interfaces
Thanks.
hi
Does context.TenantId have a value?
The PermissionDataSeeder will insert the records into the AbpPermissionGrant table.
Can you check if the insert succeeds?
Is this UI page from a tenant admin user?
Thanks.
hi
Please share the debug logs(.MinimumLevel.Debug()) for the requests.
Thanks.
public class Program
{
public async static Task<int> Main(string[] args)
{
Log.Logger = new LoggerConfiguration()
.MinimumLevel.Debug()
.MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
.Enrich.FromLogContext()
.WriteTo.Async(c => c.File("Logs/logs.txt"))
.WriteTo.Async(c => c.Console())
.CreateLogger();
hi
ABP has a widget system, you can check it: https://abp.io/docs/latest/framework/ui/mvc-razor-pages/widgets
I think it is more suitable for your case.
The dashboard widgets.
Thanks.
hi
Can you share your TavTechnologies.Octopus.AdministrationService project source code?
And the nuget package file. TavTechnologies.Octopus.AdministrationService.Contracts.nupkg
I need to confirm if generate-proxy.json is in your nuget package.
liming.ma@volosoft.com
Thanks.
hi
context.Services.AddCors(options = will only execute once.
You can use MyCorsPolicyProvider to dynamic get doamins from database/cache.
// context.Services.AddCors(options =>
// {
// options.AddDefaultPolicy(builder =>
// {
// builder
// .WithOrigins(
// configuration["App:CorsOrigins"]?
// .Split(",", StringSplitOptions.RemoveEmptyEntries)
// .Select(o => o.Trim().RemovePostFix("/"))
// .ToArray() ?? Array.Empty<string>()
// )
// .WithAbpExposedHeaders()
// .SetIsOriginAllowedToAllowWildcardSubdomains()
// .AllowAnyHeader()
// .AllowAnyMethod()
// .AllowCredentials();
// });
// });
context.Services.RemoveAll(typeof(ICorsPolicyProvider));
context.Services.Add(ServiceDescriptor.Transient<ICorsPolicyProvider, MyCorsPolicyProvider>());
public class MyCorsPolicyProvider : ICorsPolicyProvider
{
private readonly static Task<CorsPolicy?> NullResult = Task.FromResult<CorsPolicy?>(null);
private readonly CorsOptions _options;
public MyCorsPolicyProvider(IOptions<CorsOptions> options)
{
_options = options.Value;
}
public async Task<CorsPolicy?> GetPolicyAsync(HttpContext context, string? policyName)
{
//get domains from database, remember to cache it
var domains = new List<string> { "https://localhost:44300", "https://localhost:44301" };
var builder = new CorsPolicyBuilder(Array.Empty<string>());
builder
.WithOrigins(
domains.Select(o => o.Trim().RemovePostFix("/"))
.ToArray() ?? Array.Empty<string>()
)
.WithAbpExposedHeaders()
.SetIsOriginAllowedToAllowWildcardSubdomains()
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials();
var result = builder.Build();
return result;
}
}
