Skip to content

Instantly share code, notes, and snippets.

@andyedinborough

andyedinborough/AntiForgery.cs

Created December 4, 2018 14:16
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save andyedinborough/70661a3c5c635cba15cf4777a6c1a612 to your computer and use it in GitHub Desktop.
Save andyedinborough/70661a3c5c635cba15cf4777a6c1a612 to your computer and use it in GitHub Desktop.
Download ZIP
ASP.NET Core Antiforgery with custom cache header value
Raw
AntiForgery.cs
using Microsoft.AspNetCore.Antiforgery.Internal;
using Microsoft.AspNetCore.Http;
using Microsoft.Net.Http.Headers;
public class Antiforgery : DefaultAntiforgery
{
public Antiforgery(
Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Antiforgery.AntiforgeryOptions> antiforgeryOptionsAccessor,
IAntiforgeryTokenGenerator tokenGenerator,
IAntiforgeryTokenSerializer tokenSerializer,
IAntiforgeryTokenStore tokenStore,
Microsoft.Extensions.Logging.ILoggerFactory loggerFactory)
: base(antiforgeryOptionsAccessor, tokenGenerator, tokenSerializer, tokenStore, loggerFactory)
{
}
protected override void SetDoNotCacheHeaders(HttpContext httpContext)
{
CacheControlHeaderValue.TryParse(httpContext.Response.Headers[HeaderNames.CacheControl][0], out CacheControlHeaderValue cacheControlHeader);
if (cacheControlHeader == null)
{
cacheControlHeader = new CacheControlHeaderValue();
}
cacheControlHeader.NoCache = true;
cacheControlHeader.NoStore = true;
cacheControlHeader.MustRevalidate = true;
httpContext.Response.Headers[HeaderNames.CacheControl] = cacheControlHeader.ToString();
httpContext.Response.Headers[HeaderNames.Pragma] = "no-cache";
}
}
Raw
Startup.cs
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddSingleton<Microsoft.AspNetCore.Antiforgery.IAntiforgery, Antiforgery>();
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment