public void OnAuthorization(AuthorizationContext context)
{
var methodInfo = context.ActionDescriptor.GetMethodInfoOrNull();
if (methodInfo == null)
{
return;
}
var httpVerb = HttpVerbHelper.Create(context.HttpContext.Request.HttpMethod);
if (!_AntiForgeryManager.ShouldValidate(_antiForgeryWebConfiguration, methodInfo, httpVerb, _mvcConfiguration.IsAutomaticAntiForgeryValidationEnabled))
{
return;
}
if (!_AntiForgeryManager.IsValid(context.HttpContext))
{
CreateErrorResponse(context, methodInfo, "Empty or invalid anti forgery header token.");
}
}
public static HttpVerb ToHttpVerb(this HttpMethod method)
{
return(HttpVerbHelper.Create(method.Method));
}
