-
Notifications
You must be signed in to change notification settings - Fork 9.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
easy way to have a custom AntiforgeryValidationException Error Page #3616
Comments
Have you tried creating your own error handler as explained in the error handling docs? You should be able to catch the |
sadly, i.e.:
the best thing I can do is to overwrite |
Hmm, you are right, the ValidateAntiforgeryTokenAuthorizationFilter does that and there is unfortunately no way to hook into that. Allowing to hook into that, using some event system (like with the authentication stack) or by splitting up the validation, is probably too complicated and unfortunately, authorization filters are also called before exception filters (so you cannot just throw from authorization filters and have an exception filter handle it). Also unfortunately, returning a result from an authorization filter short-circuits the MVC filter pipeline, so one couldn’t even inspect the result to handle the But what we could do maybe is create a custom |
well having something in context.Items which says "this 400 result was caused by xyz" would be enough since there is a |
I just pushed a WIP PR for this over at aspnet/Mvc#8604 that implements the idea outlined above. You would use it like this to configure a redirect for example:
|
As part of the PR @poke sent, Antiforgery filter returns an |
well the outcome of the PR is really good, thanks @poke! and Asp.Net Core Team! |
Hello, currently I have a .net core app (some parts are Razor Pages), currently we also share the same cookie with an old webforms app (thanks owin).
Currently if I try to Login with the same browser window in two tabs (i.e. same happens inside the old app), I will get an
400
response without a body, which is really really ugly.I actually tried everything to get rid of it (even disabling AntiForgery for Login, which I guess does not work?!) but what I actually wanted to do is having a nice looking error page.
Currently that is what is happening inside my logs:
it would be great if there was a way to have an event where I can actually handle the exception and post a nice looking error page to the user, i.e. something like "you probably already logged in inside another tab" or if it is not login based (do something different).
however the issue is either one of the following:
i.e. and no it's not a programmer error if a user tries to login twice. (aspnet/Mvc#8276)
The text was updated successfully, but these errors were encountered: