Created
September 21, 2014 19:45
-
-
Save 3nth/6cc30c3b16e64073656f to your computer and use it in GitHub Desktop.
Add AntiForgeryToken to Response Header
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class AddCsrfTokenHeader:ActionFilterAttribute | |
| { | |
| public override void OnResultExecuted(ResultExecutedContext filterContext) | |
| { | |
| HttpCookie cookie = null; | |
| // First, try and get cookie from Response. That'll be a new cookie | |
| if (filterContext.HttpContext.Response.Cookies.AllKeys.Contains(AntiForgeryConfig.CookieName)) | |
| { | |
| cookie = filterContext.HttpContext.Response.Cookies.Get(AntiForgeryConfig.CookieName); | |
| } | |
| // If no new cookie, try and get from Request. Existing cookie is valid. | |
| if (cookie == null || String.IsNullOrEmpty(cookie.Value)) | |
| { | |
| if (filterContext.HttpContext.Request.Cookies.AllKeys.Contains(AntiForgeryConfig.CookieName)) | |
| { | |
| cookie = filterContext.HttpContext.Request.Cookies.Get(AntiForgeryConfig.CookieName); | |
| } | |
| } | |
| // If there's any cookie, then make a token for the header from it | |
| if (cookie != null && !String.IsNullOrEmpty(cookie.Value)) | |
| { | |
| string cookieToken = cookie.Value; | |
| string formToken; | |
| string nullToken; | |
| AntiForgery.GetTokens(cookieToken, out nullToken, out formToken); | |
| filterContext.HttpContext.Response.AddHeader("X-RequestVerificationToken", formToken); | |
| } | |
| base.OnResultExecuted(filterContext); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Useful for load testing an ASP.NET MVC app with loader.io and AntiForgeryTokens.