Bring CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter back

src/SimplCommerce.Infrastructure/Web/CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter.cs

@@ -1,37 +1,34 @@
-//using System;
-//using Microsoft.AspNetCore.Antiforgery;
-//using Microsoft.AspNetCore.Authentication.JwtBearer;
-//using Microsoft.AspNetCore.Mvc.Filters;
-//using Microsoft.AspNetCore.Mvc.ViewFeatures.Internal;
-//using Microsoft.Extensions.Logging;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Antiforgery;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc.Filters;
 
-//namespace SimplCommerce.Infrastructure.Web
-//{
-//    public class CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter : AutoValidateAntiforgeryTokenAuthorizationFilter
-//    {
-//        public CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter(IAntiforgery antiforgery, ILoggerFactory loggerFactory)
-//            : base(antiforgery, loggerFactory)
-//        {
-//        }
+namespace SimplCommerce.Infrastructure.Web
+{
+    public class CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter(IAntiforgery antiforgery) : IAsyncAuthorizationFilter
+    {
+        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
+        {
+            var httpContext = context.HttpContext;
+            if (HttpMethods.IsGet(httpContext.Request.Method) ||
+                HttpMethods.IsHead(httpContext.Request.Method) ||
+                HttpMethods.IsOptions(httpContext.Request.Method) ||
+                HttpMethods.IsTrace(httpContext.Request.Method))
+            {
+                return;
+            }
 
-//        protected override bool ShouldValidate(AuthorizationFilterContext context)
-//        {
-//            if (context == null)
-//            {
-//                throw new ArgumentNullException(nameof(context));
-//            }
+            if (!httpContext.Request.Path.StartsWithSegments("/api"))
+            {
+                return;
+            }
 
-//            if (!context.HttpContext.Request.Path.StartsWithSegments("/api"))
-//            {
-//                return false;
-//            }
+            if (httpContext.User.Identity?.AuthenticationType != "Identity.Application")
+            {
+                return;
+            }
 
-//            if (context.HttpContext.User.Identity?.AuthenticationType != "Identity.Application")
-//            {
-//                return false;
-//            }
-
-//            return base.ShouldValidate(context);
-//        }
-//    }
-//}
+            await antiforgery.ValidateRequestAsync(httpContext);
+        }
+    }
+}

src/SimplCommerce.WebHost/Extensions/ServiceCollectionExtensions.cs

@@ -21,6 +21,7 @@
 using Microsoft.Extensions.Localization;
 using SimplCommerce.Infrastructure;
 using SimplCommerce.Infrastructure.Modules;
+using SimplCommerce.Infrastructure.Web;
 using SimplCommerce.Infrastructure.Web.ModelBinders;
 using SimplCommerce.Module.Core.Data;
 using SimplCommerce.Module.Core.Extensions;
@@ -59,10 +60,13 @@ public static IServiceCollection AddModules(this IServiceCollection services)
         public static IServiceCollection AddCustomizedMvc(this IServiceCollection services, IList<ModuleInfo> modules)
         {
             var mvcBuilder = services
-                .AddMvc(o =>
+                .AddMvc(options =>
                 {
-                    o.EnableEndpointRouting = false;
-                    o.ModelBinderProviders.Insert(0, new InvariantDecimalModelBinderProvider());
+                    options.EnableEndpointRouting = false;
+                    options.ModelBinderProviders.Insert(0, new InvariantDecimalModelBinderProvider());
+
+                    options.Filters.Add<CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter>();
+
                 })
                 .AddViewLocalization()
                 .AddModelBindingMessagesLocalizer(services)