removes notes

Shannon
2020-06-03 14:30:55 +10:00
parent 7ac01fc02f
commit bba0eceac0


@@ -77,19 +77,11 @@ namespace Umbraco.Web.BackOffice.Security
options.Cookie.SecurePolicy = _globalSettings.UseHttps ? CookieSecurePolicy.Always : CookieSecurePolicy.SameAsRequest;
options.Cookie.Path = "/";
// TODO: Review these, we shouldn't really be redirecting at all, need to check the source to see if we can prevent any redirects.
// I think we can do that by setting these to null in the events below, we cannot set them null here else they'll be replaced with defaults.
// OK ... so figured it out, we need to have certain headers in the request to ensure that aspnetcore knows it's an ajax request,
// see: https://github.com/dotnet/aspnetcore/blob/master/src/Security/Authentication/Cookies/src/CookieAuthenticationEvents.cs#L43
// and https://github.com/dotnet/aspnetcore/blob/master/src/Security/Authentication/Cookies/src/CookieAuthenticationEvents.cs#L104
// when those headers are set then it will respond with the correct status codes.
// OR we override `CookieAuthenticationEvents` with our own and do
// options.Events = new BackOfficeCookieAuthenticationEvents(); ... maybe that will give us more control anyways instead of using callbacks below?
// Those methods like OnRedirectToLogin are get/set so we can replace their logic, though actually looking at the code, if we replace these callbacks like
// we are doing below then no redirections should occur but we may need to deal with the status code, we'll need to see
options.AccessDeniedPath = _globalSettings.GetBackOfficePath(_hostingEnvironment);
options.LoginPath = _globalSettings.GetBackOfficePath(_hostingEnvironment);
options.LogoutPath = _globalSettings.GetBackOfficePath(_hostingEnvironment);
// For any redirections that may occur for the back office, they all go to the same path
var backOfficePath = _globalSettings.GetBackOfficePath(_hostingEnvironment);
options.AccessDeniedPath = backOfficePath;
options.LoginPath = backOfficePath;
options.LogoutPath = backOfficePath;
options.DataProtectionProvider = _dataProtection;
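Review bot: The replacement comment above `var backOfficePath` keeps only the "same path" statement and drops the one finding from the removed notes that a maintainer still needs. ASP.NET Core's default cookie events answer with a 401/403 status instead of a 302 only when the request is marked as an ajax request; otherwise `LoginPath` and `AccessDeniedPath` are used as redirect targets. I would keep that as one line, e.g. `// Redirects are a fallback only: ajax requests get 401/403 from the cookie events, anything else is sent to the back office path.` Whether the callbacks the old notes call "below" change this is not visible in the hunk, so the wording should be checked against them. The enclosing method starts and ends outside the hunk.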