The POST action seems to have no effect on the .net core controller.
If you put [IgnoreAntiforgeryToken] attribute on the server controller method, it works. But dont‘ leave it like that exposing vulnerability.
Turns out, Angular uses a particular header name "X-XSRF-TOKEN" to store token for the server to accept: https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-2.1#angularjs
The following client code snippet in the Angular 6 component works. It‘s just part of ngx-uploader sample code. Only to note the headers line.
const event: UploadInput = {type: ‘uploadAll‘,url: this.UPLOAD_API_URL + ‘?guid=‘ + this.guid,method: ‘POST‘,headers: {‘X-XSRF-TOKEN‘: this._cookieService.get("XSRF-TOKEN")},withCredentials: true,data: { foo: ‘bar‘ }};_cookieService is an injected service using ngx-cookie. You may use any cookie tool.
Why ngx-uploader doesn't like to cooperate with .net core 2.x?
原文地址:https://www.cnblogs.com/dfun/p/9926407.html