Re introduce cookie check, but adding return statement

2021-02-24 13:20:53 +01:00
parent 2fcae1cc28
commit 0a2efc252f
1 changed files with 10 additions and 0 deletions
--- a/src/Umbraco.Web.BackOffice/Filters/ValidateAngularAntiForgeryTokenAttribute.cs
+++ b/src/Umbraco.Web.BackOffice/Filters/ValidateAngularAntiForgeryTokenAttribute.cs
@@ -44,6 +44,16 @@ namespace Umbraco.Cms.Web.BackOffice.Filters

            public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
            {
+                if (context.Controller is ControllerBase controller && controller.User.Identity is ClaimsIdentity userIdentity)
+                {
+                    // if there is not CookiePath claim, then exit
+                    if (userIdentity.HasClaim(x => x.Type == ClaimTypes.CookiePath) == false)
+                    {
+                        await next();
+                        return;
+                    }
+                }
+
                var cookieToken = _cookieManager.GetCookieValue(Constants.Web.CsrfValidationCookieName);
                var httpContext = context.HttpContext;