7

我在 cshtml 页面上有一个防伪造令牌(@Html.AntiForgeryToken()),它会生成一个 cookie RequestVerificationToken_Lw。此 cookie 的属性值为 HTTP 和 Secure。但我也需要设置 SameSite。我如何实现这一目标?

@Html.AntiForgeryToken()

__RequestVerificationToken_Lw__
4

1 回答 1

4

这有帮助吗?

在 Global.asax.cs

 public class MvcApplication : System.Web.HttpApplication
 {

        protected void Application_PreSendRequestHeaders(object sender,EventArgs e) {
            // This code will mark the __RequestVerificationToken cookie SameSite=Strict 
            if (Request.Cookies.Count>0) {
                foreach (string s in Request.Cookies.AllKeys) {
                    if (s.ToLower() == "__requestverificationtoken") {
                        HttpCookie c = Request.Cookies[s];
                        c.SameSite = System.Web.SameSiteMode.Strict;
                        Response.Cookies.Set(c);
                    }
                }
            }           
        }
 }
于 2020-01-14T11:08:31.903 回答