From 0a2efc252fbd90653ea22ca58206d801b4c050e2 Mon Sep 17 00:00:00 2001
From: Mole
Date: Wed, 24 Feb 2021 13:20:53 +0100
Subject: [PATCH] Re introduce cookie check, but adding return statement
---
 .../ValidateAngularAntiForgeryTokenAttribute.cs | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/Umbraco.Web.BackOffice/Filters/ValidateAngularAntiForgeryTokenAttribute.cs b/src/Umbraco.Web.BackOffice/Filters/ValidateAngularAntiForgeryTokenAttribute.cs
index f45744b16d..c4290396b6 100644
--- a/src/Umbraco.Web.BackOffice/Filters/ValidateAngularAntiForgeryTokenAttribute.cs
+++ b/src/Umbraco.Web.BackOffice/Filters/ValidateAngularAntiForgeryTokenAttribute.cs
@@ -44,6 +44,16 @@ namespace Umbraco.Cms.Web.BackOffice.Filters
 public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
 {
+ if (context.Controller is ControllerBase controller && controller.User.Identity is ClaimsIdentity userIdentity)
+ {
+ // if there is not CookiePath claim, then exit
+ if (userIdentity.HasClaim(x => x.Type == ClaimTypes.CookiePath) == false)
+ {
+ await next();
+ return;
+ }
+ }
+
 var cookieToken = _cookieManager.GetCookieValue(Constants.Web.CsrfValidationCookieName);
 var httpContext = context.HttpContext;
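Review bot: The new early exit in `OnActionExecutionAsync` (`await next(); return;`) skips anti-forgery validation whenever the primary identity has no `ClaimTypes.CookiePath` claim, so the CSRF check fails open on a missing claim rather than on a positive signal that the request was not cookie-authenticated. Whether every cookie-authenticated back-office identity is guaranteed to carry that claim is not visible in this hunk. If the cookie sign-in path ever issues an identity without it, state-changing actions would run with no token check. The existing comment only restates the condition; I would replace it with the reason, e.g. `// CookiePath is only added by back-office cookie sign-in; requests without it are not cookie-authenticated, so there is no ambient credential for CSRF to abuse`. A test asserting that a cookie-authenticated request without the anti-forgery header is still rejected would also help. The method body continues past the end of the hunk, so the validation that follows was not reviewed.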