security: use more antiforgery tokens

2025-07-25 12:32:44 +10:00
parent fd43d85778
commit 7deead494b
222 changed files with 12919 additions and 11728 deletions
@@ -0,0 +1,30 @@
+using System.Web;
+using System.Web.Helpers;
+
+namespace Disco.Web
+{
+    public static class AntiForgeryExtensions
+    {
+        public static string GetToken(HttpContextBase context)
+        {
+            var previousCookieToken = default(string);
+
+            var previousCookie = context.Request.Cookies[AntiForgeryConfig.CookieName];
+            if (previousCookie != null && !string.IsNullOrEmpty(previousCookie.Value))
+                previousCookieToken = previousCookie.Value;
+
+            AntiForgery.GetTokens(previousCookieToken, out var cookieToken, out var formToken);
+
+            if (cookieToken != null)
+            {
+                var httpCookie = new HttpCookie(AntiForgeryConfig.CookieName, cookieToken);
+                httpCookie.HttpOnly = true;
+                if (AntiForgeryConfig.RequireSsl)
+                    httpCookie.Secure = true;
+
+                context.Response.Cookies.Set(httpCookie);
+            }
+            return formToken;
+        }
+    }
+}