Diffstat (limited to 'src/System.Web.Mvc')
-rw-r--r-- | src/System.Web.Mvc/HtmlHelper.cs | 31 | ||||
-rw-r--r-- | src/System.Web.Mvc/ValidateAntiForgeryTokenAttribute.cs | 25 |
2 files changed, 47 insertions, 9 deletions
diff --git a/src/System.Web.Mvc/HtmlHelper.cs b/src/System.Web.Mvc/HtmlHelper.cs
index d9a5d2d0..43c483bf 100644
--- a/src/System.Web.Mvc/HtmlHelper.cs
+++ b/src/System.Web.Mvc/HtmlHelper.cs
@@ -106,19 +106,44 @@ namespace System.Web.Mvc return result; } + [SuppressMessage("Microsoft.Performance", "CA1822:MarkMembersAsStatic", Justification = "For consistency, all helpers are instance methods.")] public MvcHtmlString AntiForgeryToken() { - return AntiForgeryToken(salt: null); + return new MvcHtmlString(AntiForgery.GetHtml().ToString()); } + [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AdditionalDataProvider", Justification = "API name.")] + [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AntiForgeryConfig", Justification = "API name.")] + [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AntiForgeryToken", Justification = "API name.")] + [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "httpCookies", Justification = "API name.")] + [SuppressMessage("Microsoft.Performance", "CA1822:MarkMembersAsStatic", Justification = "Method is obsolete.")] + [Obsolete("This method is deprecated. Use the AntiForgeryToken() method instead. To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property.", error: true)] + [EditorBrowsable(EditorBrowsableState.Never)] public MvcHtmlString AntiForgeryToken(string salt) { - return AntiForgeryToken(salt, domain: null, path: null); + if (!String.IsNullOrEmpty(salt)) + { + throw new NotSupportedException("This method is deprecated. Use the AntiForgeryToken() method instead. 
To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property."); + } + + return AntiForgeryToken(); } + [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AdditionalDataProvider", Justification = "API name.")] + [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AntiForgeryConfig", Justification = "API name.")] + [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AntiForgeryToken", Justification = "API name.")] + [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "httpCookies", Justification = "API name.")] + [SuppressMessage("Microsoft.Performance", "CA1822:MarkMembersAsStatic", Justification = "Method is obsolete.")] + [Obsolete("This method is deprecated. Use the AntiForgeryToken() method instead. To specify a custom domain for the generated cookie, use the <httpCookies> configuration element. To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property.", error: true)] + [EditorBrowsable(EditorBrowsableState.Never)] public MvcHtmlString AntiForgeryToken(string salt, string domain, string path) { - return new MvcHtmlString(AntiForgery.GetHtml(ViewContext.HttpContext, salt, domain, path).ToString()); + if (!String.IsNullOrEmpty(salt) || !String.IsNullOrEmpty(domain) || !String.IsNullOrEmpty(path)) + { + throw new NotSupportedException("This method is deprecated. Use the AntiForgeryToken() method instead. To specify a custom domain for the generated cookie, use the <httpCookies> configuration element. 
To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property."); + } + + return AntiForgeryToken(); } [SuppressMessage("Microsoft.Performance", "CA1822:MarkMembersAsStatic", Justification = "For consistency, all helpers are instance methods.")] diff --git a/src/System.Web.Mvc/ValidateAntiForgeryTokenAttribute.cs b/src/System.Web.Mvc/ValidateAntiForgeryTokenAttribute.cs index b948a0b0..810344c0 100644 --- a/src/System.Web.Mvc/ValidateAntiForgeryTokenAttribute.cs +++ b/src/System.Web.Mvc/ValidateAntiForgeryTokenAttribute.cs @@ -1,4 +1,6 @@ -using System.Diagnostics; +using System.ComponentModel; +using System.Diagnostics; +using System.Diagnostics.CodeAnalysis; using System.Web.Helpers; namespace System.Web.Mvc 
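Review bot: The three-argument `AntiForgeryToken(salt, domain, path)` overload in HtmlHelper.cs now throws when `path` is non-empty, but neither the exception text nor the `[Obsolete]` message says what replaces a custom cookie path; they cover only the domain (`<httpCookies>`) and custom data (`AntiForgeryConfig.AdditionalDataProvider`). A caller that used `path` to scope the token cookie gets a failure with no migration hint, so the message should either name the replacement or state plainly that a custom path is no longer supported. Callers that used `salt` to keep tokens for different forms from being interchangeable should also be told, in an XML doc comment on `AntiForgeryToken()`, that this separation now has to come from `AdditionalDataProvider`. As a style point, each message is written out twice (in the attribute and in the `throw`); a `private const string` per message would keep the two copies from drifting apart.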
@@ -13,19 +15,30 @@ namespace System.Web.Mvc { } - internal ValidateAntiForgeryTokenAttribute(Action<HttpContextBase, string> validateAction) + internal ValidateAntiForgeryTokenAttribute(Action validateAction) { Debug.Assert(validateAction != null); ValidateAction = validateAction; } + [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AdditionalDataProvider", Justification = "API name.")] + [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AntiForgeryConfig", Justification = "API name.")] + [Obsolete("The 'Salt' property is deprecated. To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property.", error: true)] + [EditorBrowsable(EditorBrowsableState.Never)] public string Salt { - get { return _salt ?? String.Empty; } - set { _salt = value; } + get { return _salt; } + set + { + if (!String.IsNullOrEmpty(value)) + { + throw new NotSupportedException("The 'Salt' property is deprecated. To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property."); + } + _salt = value; + } } - internal Action<HttpContextBase, string> ValidateAction { get; private set; } + internal Action ValidateAction { get; private set; } public void OnAuthorization(AuthorizationContext filterContext) { @@ -34,7 +47,7 @@ namespace System.Web.Mvc throw new ArgumentNullException("filterContext"); } - ValidateAction(filterContext.HttpContext, Salt); + ValidateAction(); } } } |
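Review bot: The `Salt` getter now returns `_salt` directly, so it yields null where it used to yield `String.Empty`; because the setter only ever stores null or an empty string, the property can hold nothing else. Already-compiled callers that read `Salt` without a null check would change behaviour, and keeping `get { return _salt ?? String.Empty; }` avoids that at no cost. The setter would also benefit from a comment such as `// Fail closed: a non-empty salt is rejected rather than silently ignored, so a token is never validated with weaker scoping than the caller asked for.`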
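Review bot: In `OnAuthorization`, `ValidateAction()` no longer receives `filterContext.HttpContext`, so in the visible lines `filterContext` is null-checked but never used, and validation runs against whatever request context the delegate resolves on its own (presumably the ambient current request; the default delegate is wired up outside this hunk). That coupling is worth stating next to the call, for example `// Validation reads the ambient request context; filterContext is checked only to keep the ArgumentNullException contract.` Without it, a reader or a test that supplies a substitute `HttpContextBase` through `filterContext` could assume the token is checked against that object when it is not. The method body begins outside the hunk.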