Set ReasonPhrase to code InvalidCSRFToken on failed validation.

claudiamurialdo · claudiamurialdo · commit e002e7e3074c · 2023-08-18T15:18:24.000-03:00
diff --git a/dotnet/src/dotnetcore/GxNetCoreStartup/Startup.cs b/dotnet/src/dotnetcore/GxNetCoreStartup/Startup.cs
@@ -503,9 +503,11 @@ bool IsAspx(HttpContext context, string basePath)
 	}
 	public class CustomExceptionHandlerMiddleware
 	{
+		const string InvalidCSRFToken = "InvalidCSRFToken";
 		static readonly ILog log = log4net.LogManager.GetLogger(typeof(CustomExceptionHandlerMiddleware));
 		public async Task Invoke(HttpContext httpContext)
 		{
+			string httpReasonPhrase=string.Empty;
 			Exception ex = httpContext.Features.Get<IExceptionHandlerFeature>()?.Error;
 			HttpStatusCode httpStatusCode = (HttpStatusCode)httpContext.Response.StatusCode;
 			if (ex!=null)
@@ -519,6 +521,7 @@ public async Task Invoke(HttpContext httpContext)
 				{
 					//"The required antiforgery header value "X-GXCSRF-TOKEN" is not present.
 					httpStatusCode = HttpStatusCode.BadRequest;
+					httpReasonPhrase = InvalidCSRFToken;
 					GXLogging.Error(log, $"Validation of antiforgery failed", ex);
 				}
 				else
@@ -538,6 +541,12 @@ public async Task Invoke(HttpContext httpContext)
 				{
 					httpContext.Response.StatusCode = (int)httpStatusCode;
 				}
+				if (!string.IsNullOrEmpty(httpReasonPhrase))
+				{
+					IHttpResponseFeature responseReason = httpContext.Response.HttpContext.Features.Get<IHttpResponseFeature>();
+					if (responseReason!=null)
+						responseReason.ReasonPhrase = httpReasonPhrase;
+				}
 			}
 			await Task.CompletedTask;
 		}

Original file line number	Diff line number	Diff line change
`@@ -503,9 +503,11 @@ bool IsAspx(HttpContext context, string basePath)`
`503`	`503`	`}`
`504`	`504`	`public class CustomExceptionHandlerMiddleware`
`505`	`505`	`{`
	`506`	`+ const string InvalidCSRFToken = "InvalidCSRFToken";`
`506`	`507`	`static readonly ILog log = log4net.LogManager.GetLogger(typeof(CustomExceptionHandlerMiddleware));`
`507`	`508`	`public async Task Invoke(HttpContext httpContext)`
`508`	`509`	`{`
	`510`	`+ string httpReasonPhrase=string.Empty;`
`509`	`511`	`Exception ex = httpContext.Features.Get<IExceptionHandlerFeature>()?.Error;`
`510`	`512`	`HttpStatusCode httpStatusCode = (HttpStatusCode)httpContext.Response.StatusCode;`
`511`	`513`	`if (ex!=null)`
`@@ -519,6 +521,7 @@ public async Task Invoke(HttpContext httpContext)`
`519`	`521`	`{`
`520`	`522`	`//"The required antiforgery header value "X-GXCSRF-TOKEN" is not present.`
`521`	`523`	`httpStatusCode = HttpStatusCode.BadRequest;`
	`524`	`+ httpReasonPhrase = InvalidCSRFToken;`
`522`	`525`	`GXLogging.Error(log, $"Validation of antiforgery failed", ex);`
`523`	`526`	`}`
`524`	`527`	`else`
`@@ -538,6 +541,12 @@ public async Task Invoke(HttpContext httpContext)`
`538`	`541`	`{`
`539`	`542`	`httpContext.Response.StatusCode = (int)httpStatusCode;`
`540`	`543`	`}`
	`544`	`+ if (!string.IsNullOrEmpty(httpReasonPhrase))`
	`545`	`+ {`
	`546`	`+ IHttpResponseFeature responseReason = httpContext.Response.HttpContext.Features.Get<IHttpResponseFeature>();`
	`547`	`+ if (responseReason!=null)`
	`548`	`+ responseReason.ReasonPhrase = httpReasonPhrase;`
	`549`	`+ }`
`541`	`550`	`}`
`542`	`551`	`await Task.CompletedTask;`
`543`	`552`	`}`