Then you can create a middleware as below and get the generated cookie and pass it to the RequestVerificationToken header.
P.S. If your GET requests don't change the state (and it shouldn't in most cases), you don't need to add anti-forgery token validation, in my opinion.
public class SetRequestVerificationHeaderMiddleware
{
private readonly RequestDelegate _next;
private readonly IAbpAntiForgeryManager _abpAntiForgeryManager;
public ValidateAntiForgeryTokenMiddleware(RequestDelegate next, IAbpAntiForgeryManager abpAntiForgeryManager)
{
_next = next;
_abpAntiForgeryManager = abpAntiForgeryManager;
}
public async Task Invoke(HttpContext context)
{
if (HttpMethods.IsGet(context.Request.Method))
{
var antiForgeryToken = await _abpAntiForgeryManager.GenerateToken();
context.Request.Headers["RequestVerificationToken"] = antiForgeryToken;
}
await _next(context);
}
}
//use middleware
app.UseMiddleware<SetRequestVerificationHeaderMiddleware>();
When you enabled auto validation for GET requests, you need to pass the RequestVerificationToken header with your requests. Unless you'll get an HTTP 400 error. But if you're making your requests via Swagger you won't get that error because a request verification token is set on behalf of you in every request. (https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Swashbuckle/wwwroot/swagger/ui/abp.swagger.js#L25-L29)
So try to send a request to one of your services via Postman or simply using a browser, you'll get the following error.
You can generate and set the cookie for your requests, useIAbpAntiForgeryManager.SetCookie() method.
I am closing the question since your problem seems resolved with this issue. Thanks @jhsanc
Hi @AlderCove, CMS Kit module does not support module entity extension for now. I've created an issue for it (#11525).
Is the list above the exhaustive list of modules that do support the feature?
In addition to this list, there is also ConfigureTenantManagement.
Hi @Anjaneyulu, I think you don't need to create a manual Anti Forgery Token Middleware. Instead, you can define AbpAntiForgeryOptions to enable auto validation for GET requests.
Configure<AbpAntiForgeryOptions>(options =>
{
//By default only POST requests auto validate anti forgery tokens.
//In other word "GET", "HEAD", "TRACE" and "OPTIONS" HTTP methods are ignored.
options.AutoValidateIgnoredHttpMethods.Remove("GET"); //auto validate for GET requests
});
See CSRF Anti Forgery documentation for more information
Hi @zhongfang, you can update your UseAbpRequestLocalization middleware (under your *.HttpApiHostModule) as follows:
//list your supported cultures
var supportedCultures = new[]
{
new CultureInfo("zh-Hans"),
new CultureInfo("cs"),
new CultureInfo("en"),
new CultureInfo("tr"),
//...
};
app.UseAbpRequestLocalization(options =>
{
options.DefaultRequestCulture = new RequestCulture("zh-Hans"); //set default as zh-Hans
options.SupportedCultures = supportedCultures;
options.SupportedUICultures = supportedCultures;
options.RequestCultureProviders = new List<IRequestCultureProvider>
{
// there are three culture providers
new QueryStringRequestCultureProvider(),
new CookieRequestCultureProvider(),
new AcceptLanguageHeaderRequestCultureProvider()
};
});
https://github.com/abpframework/abp/issues/2775 https://docs.microsoft.com/en-us/aspnet/core/fundamentals/localization?view=aspnetcore-6.0#localization-middleware
Volo.Filemanagement can't build on linux system, because the path is badly formed
Hi @brike.kuo@authme.com, this was a well-known problem and we've fixed it in the v5.1.3. So, please update your CLI version to v5.1.3 it will fix your problem.
dotnet tool update -g Volo.Abp.Cli
Can you open a new question for your second issue? Because it's hard to keep track of more than one issue in a question. Also in a separate question, your problem can be solved more quickly.
Hi @LW, please see https://support.abp.io/QA/Questions/2366/token-call-every-one-second#answer-47b89782-3816-2c1c-7224-3a013c724e1e.
Hi @cellero, we're planning to release a beta version in the next weeks.
One exciting news is about the LeptonX theme; We are working on making it available in MVC (Razor Pages) and Blazor UI options too (in addition to the Angular UI). We are also adding more components, layout options, demo pages, etc... We are planning to release a beta version in the next weeks. https://blog.abp.io/abp/ABP.IO-Platform-v5-1-Has-Been-Released
Hi again @nhath, I've shared the solution with you via email, you can check your email. But I also want to share it here to help developers who can face the same problem.
AbpContentToolbar.So instead of defining like below,
<div id="my-toolbar-content" class="text-lg-right">
@await RenderSectionAsync("my-toolbar-content", false)
</div>
you should define like follows:
<div id="AbpContentToolbar" class="text-lg-right">
@await RenderSectionAsync("my-toolbar-content", false)
</div>
I close the question since your problem should be fixed, but if it still persists please don't hesitate to re-open the question. Best Regards.
