我正在尝试实现响应缓存并在某些操作上禁用默认的防伪行为,但是在每个请求中我都得到"
warn: Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery[8] "缓存控制"和"杂注"标头已被覆盖并设置 分别到"无缓存、无存储"和"无缓存"以防止缓存 的回应。任何使用防伪的响应都不应 缓存。
我在操作上定义了IgnoreAntiforgeryToken。有没有其他方法可以关闭默认的防伪?
启动.cs:
public void ConfigureServices(IServiceCollection services)
{
.
.
.
services.AddResponseCaching();
services.AddMvc(options =>
{
options.CacheProfiles.Add("Default",
new CacheProfile()
{
Duration = 240
});
options.CacheProfiles.Add("NoCache",
new CacheProfile()
{
Location = ResponseCacheLocation.None,
NoStore = true
});
})
.AddViewLocalization(Microsoft.AspNetCore.Mvc.Razor.LanguageViewLocationExpanderFormat.Suffix)
.AddDataAnnotationsLocalization();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
.
.
.
app.UseResponseCaching();
}
控制器.cs:
[IgnoreAntiforgeryToken]
[ResponseCache(CacheProfileName = "Default", VaryByQueryKeys = new string[] { "id" })]
[HttpGet("/Shop/Category/{id:int}", Name = "Category")]
public IActionResult Category(int id)
{
var result = this.AppHelper.ModelHelper.GetCategoryWrap(id);
return View(result);
}
在视图中生成表单时,将参数antiforgery
设置为 false
using (Html.BeginForm(
"MyAction",
"MyController",
null,
FormMethod.Post,
false, //<--this
new { if = "myForm", @class="mycssclass" }))
在
表单代码中使用asp-antiforgery
标签助手
<form action="" method="post" asp-antiforgery="false">
<div class="form-group">
<label for="remarks">enter remarks</label>
<textarea class="form-control" id="remarks" rows="3" name="remarks">
@if (videoViewModel.Remarks != null) {
@videoViewModel.Remarks
}
</textarea>
</div>
<button type="submit" class="btn btn-secondary mb-2">Submit</button>
</form>