Updated: 2022-05-10 22:06:43
Razor Pages automatically generates and validates Antiforgery tokens to prevent CSRF attacks. Since you aren't sending any token within your AJAX callback, the request fails.
To solve this problem you will have to:
<form> or by directly using the @Html.AntiForgeryToken HtmlHelper
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
    services.AddRazorPages();
    services.AddAntiforgery(o => o.HeaderName = "XSRF-TOKEN");
}
In the AJAX callback we add additional code to send the XSRF-TOKEN with our request header.
$.ajax({
    type: "POST",
    url: '/?handler=YOUR_CUSTOM_HANDLER', // Replace YOUR_CUSTOM_HANDLER with your handler.
    contentType: "application/json; charset=utf-8",
    beforeSend: function (xhr) {
        // Copy the token from the hidden form field into the header configured in Startup.cs.
        xhr.setRequestHeader("XSRF-TOKEN",
            $('input:hidden[name="__RequestVerificationToken"]').val());
    },
    dataType: "json"
}).done(function (data) {
    console.log(data.result);
});
You can accomplish this by adding a <form>:
<form method="post">
    <input type="button" value="Ajax test" class="btn btn-default" onclick="ajaxTest();" />
</form>
or by using the @Html.AntiForgeryToken:
@Html.AntiForgeryToken()
<input type="button" value="Ajax test" class="btn btn-default" onclick="ajaxTest();" />
In both cases Razor Pages will automatically add a hidden input field which contains the antiforgery token once the page is loaded:
<input name="__RequestVerificationToken" type="hidden" value="THE_TOKEN_VALUE" />
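An added example, not part of the original answer: the same header logic written without jQuery, attaching the token only to state-changing requests that stay on the page's own origin. The names antiforgeryHeaders, readToken, postJson and sampleDoc are hypothetical; the header and field names are the ones used above.

```javascript
// Added example, not code from the original answer.
const TOKEN_HEADER = "XSRF-TOKEN"; // must equal o.HeaderName in Startup.cs
const TOKEN_FIELD = "__RequestVerificationToken";
// Methods that ASP.NET Core's automatic antiforgery validation does not check.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Read the token from the hidden input Razor Pages rendered into the page.
function readToken(doc) {
  const field = doc.querySelector('input[type="hidden"][name="' + TOKEN_FIELD + '"]');
  return field && field.value ? field.value : null;
}

// Decide which antiforgery header, if any, a request should carry.
function antiforgeryHeaders(method, url, pageOrigin, doc) {
  const verb = String(method || "GET").toUpperCase();
  if (SAFE_METHODS.has(verb)) return {};
  // Resolve relative URLs against the page and keep the token off
  // requests that leave the page's origin.
  const target = new URL(url, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) return {};
  const token = readToken(doc);
  // Fail loudly instead of sending a POST the server will reject with 400.
  if (!token) throw new Error("antiforgery token field not found on page");
  return { [TOKEN_HEADER]: token };
}

// Hypothetical helper for browser use; relies on fetch, location and document.
function postJson(url, body) {
  const headers = Object.assign(
    { "Content-Type": "application/json; charset=utf-8" },
    antiforgeryHeaders("POST", url, location.origin, document));
  return fetch(url, { method: "POST", headers, credentials: "same-origin",
                      body: JSON.stringify(body) });
}

// Constructed stand-in for `document`, so the logic can be run outside a browser.
const sampleDoc = {
  querySelector: (sel) =>
    sel.includes(TOKEN_FIELD) ? { value: "CONSTRUCTED_TOKEN_VALUE" } : null,
};
```

In the browser, postJson('/?handler=YOUR_CUSTOM_HANDLER', payload) sends the same XSRF-TOKEN header as the jQuery beforeSend callback.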