Hello,
yes, we have exactly the same code as in your screenshot.
Hi team,
any clue on this ?
Hello,
no, we use VS 2019.
I sent you an email with related info.
v10.4 (Abp 6.4.0) Xamarin 16.10 Mono 6.12
Dear team,
we are not able to compile our app when targeting iOS.
The error we are facing is :
MTOUCH : error MT2102: Error processing the method 'System.Void Abp.Auditing.AuditingInterceptor/<InternalInterceptAsynchronous>d__6`1::MoveNext()' in the assembly 'Abp.dll': Value cannot be null.
We tried to downgrade abp version one by one major point, and it starts working with abp v5.x. We tried with disabling linker, with no luck.
It's a critical issue to us.
I can forward you by mail the whole build log and further info, if needed.
Thanks
Ok I think I understand. Thanks for these explainations ; it was really confusing because of the code with AbpAutoValidateAntiforgeryTokenAttribute in startup.cs and the boilerplate documentation.
Sorry, but :
Thanks for your response,
ok I got what you say, no problem.
But I still wonder why, in this case, the AspnetZero template adds the AbpAutoValidateAntiforgeryTokenAttribute in startup.cs ? https://aspnetboilerplate.com/Pages/Documents/XSRF-CSRF-Protection#integration-2
In ASP.NET Zero Angular applications, cookie is not being used
I do see a cookie for the application (and I have the "cookie consent" widget)
Hello,
so why is there the code to configure AbpAutoValidateAntiforgeryTokenAttribute in startup.cs ? And, why in the doc : https://docs.abp.io/en/abp/3.3/CSRF-Anti-Forgery there is a chapter about Angular, stating that "Since ABP Framework follows the ASP.NET Core conventions, it changes this value to RequestVerificationToken in the core package" ? I don't understand.
CORS is a different thing ; if an attacker forges a link to, say, "myapp/grant-permission-touser?userid=xxx", then send that by email, CORS are totally off topic there.
Hello,
(I'm a customer as you are, but I already faced this kind of issue :)
Are you 100% sure the code does enter your method ? The 500 error may be related to something else, like invalid EntityDto<> parameter. Can you post the error log (in the "App_Data\Logs\logs.txt" file) ?
Hello,
we are currently working on our security vulnerabilities, with static analysis.
We wanted to check our application against CSRF ; but it does not seem to work.
=> we do have the following in the startup.cs :
services.AddControllersWithViews(options =>
{
options.Filters.Add(new AbpAutoValidateAntiforgeryTokenAttribute());
}).AddNewtonsoftJson();
=> but if I open Chrome's devtools, then for instance upload a file in the chat (backend method 'UploadFile' is living in the "ChatControllerBase" class, Web.Core project), then check network tab in devtools, check request headers : no "X-CSRF-TOKEN', neither 'RequestVerificationToken".
I checked the following link : https://docs.abp.io/en/abp/3.3/CSRF-Anti-Forgery
I don't know what to try further.