Open Closed

Abp v8 preview rc2 upgrade maui antiforgery token problem #6271


User avatar
0
cangunaydin created
  • ABP Framework version: v8.0.0 rc2
  • UI Type: Maui
  • Database System: EF Core (PostgreSQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes

Hello I am having problem with maui application when i do posts to the api. HttpStatusCode:400 returns every time, is sth changed on antiforgery token middleware on version 8? I didn't have this problem on v7.4. To reproduce the problem just create a new project from scratch with v8 rc2. abp new BookStore -t app-pro -u angular -dbms PostgreSQL --separate-auth-server -m maui -csf --preview then try to run maui app and **create a new user **(or try to do any post or put). you will get an error. Bad Request with status code 400

is there a way to ignore antiforgery token check for mobile app calls only.


3 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    It's a bug, we will fix it in the next patch version. Your ticket was refunded.

    Now you can try update the GetInsecureHandler method:

    private static HttpMessageHandler GetInsecureHandler()
    {
    #if ANDROID
        var handler = new HttpClientHandler()
        {
           UseCookies = false
        };
        handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) =>
        {
            if (cert is { Issuer: "CN=localhost" })
            {
                return true;
            }
    
            return errors == System.Net.Security.SslPolicyErrors.None;
        };
        return handler;
    #elif IOS
        var handler = new NSUrlSessionHandler
        {
            UseCookies = false,
            TrustOverrideForUrl = (sender, url, trust) => url.StartsWith("https://localhost")
        };
        return handler;
    #elif WINDOWS || MACCATALYST
        return new HttpClientHandler()
        {
            UseCookies = false
        };
    #else
         throw new PlatformNotSupportedException("Only Android, iOS, MacCatalyst, and Windows supported.");
    #endif
    }
    
  • User Avatar
    0
    cangunaydin created

    Hello, Thanks for the solution. I wonder two things.

    • Is the bug related to backend or is it because assigning a xsrf token to header while sending from the maui client? Probably the latter. Cause i replace the AbpAutoValidateAntiforgeryTokenAuthorizationFilter class it always come with xsrf token when i do a post from maui client.
    • How can i see the source code of Volo.Abp.Maui.Client package?

    Also if i want to intercept the http requests, what is the correct way to do it in Maui Project? Let's say i want to add extra header for specific request. I tried sth like this but this doesn't work.

    [Volo.Abp.DependencyInjection.Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(DynamicHttpProxyInterceptorClientProxy<IIdentityUserAppService>))]
    public class IdentityUserAppServiceHttpProxyInterceptorClientProxy : DynamicHttpProxyInterceptorClientProxy<IIdentityUserAppService>
    {
        protected override void AddHeaders(IReadOnlyDictionary<string, object> argumentsDictionary, ActionApiDescriptionModel action,
            HttpRequestMessage requestMessage, ApiVersionInfo apiVersion)
        {
            base.AddHeaders(argumentsDictionary, action, requestMessage, apiVersion);
            
        }
    
        protected override Task<HttpContent> RequestAsync(ClientProxyRequestContext requestContext)
        {
            return base.RequestAsync(requestContext);
        }
    }
    
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Is the bug related to backend or is it because assigning a xsrf token to header while sending from the maui client? Probably the latter. Cause i replace the AbpAutoValidateAntiforgeryTokenAuthorizationFilter class it always come with xsrf token when i do a post from maui client.

    This is a bug of the GetInsecureHandler method.

    How can i see the source code of Volo.Abp.Maui.Client package?

    You can add DelegatingHandler:

    public class MyHttpMessageHandler : DelegatingHandler, ITransientDependency
    {
    
        protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
              request.Headers .....;
    
              return await base.SendAsync(request, cancellationToken);
            
        }
    }
    
    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        PreConfigure<AbpHttpClientBuilderOptions>(options =>
        {
            options.ProxyClientBuildActions.Add((_, builder) =>
            {
                builder.AddHttpMessageHandler<MyHttpMessageHandler>();
            });
        });
    }
    
Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15