Skip to content
This repository has been archived by the owner on Nov 22, 2018. It is now read-only.

Consider making DefaultAntiforgery scoped instead of singleton #62

Closed
HaoK opened this issue Mar 2, 2016 · 3 comments
Closed

Consider making DefaultAntiforgery scoped instead of singleton #62

HaoK opened this issue Mar 2, 2016 · 3 comments
Assignees
@ryanbrandenburg
Labels
3 - Done bug
Milestone
1.0.0-rc2

Comments

@HaoK
Copy link
Member

HaoK commented Mar 2, 2016

This would let us get rid of the service locator antipattern...

-Microsoft.AspNetCore.Antiforgery\Internal\DefaultAntiforgery.cs:331:
var contextAccessor = services.GetRequiredService<IAntiforgeryContextAccessor>();

-Microsoft.AspNetCore.Antiforgery\Internal\DefaultAntiforgery.cs:441:
var contextAccessor = services.GetRequiredService<IAntiforgeryContextAccessor>();

https://github.com/aspnet/Coherence-Signed/issues/186
@rynowak
Copy link
Member

rynowak commented Mar 2, 2016

Or, we can get rid of the context and use a feature, or HttpContext.Items.

This will have a cascading effect on MVC and cause a few filter implementations as well as bunch of HTML related infrastructure to become scoped. Scoped is really viral.

@rynowak
Copy link
Member

rynowak commented Mar 2, 2016

Ran this by @lodejard and he likes the idea of a feature. The stuff that antiforgery puts in the context really is related to the current HttpRequest as a unit of work.

@lodejard
Copy link

lodejard commented Mar 2, 2016

Yep

@Eilon Eilon added this to the 1.0.0-rc2 milestone Mar 7, 2016
@ryanbrandenburg ryanbrandenburg mentioned this issue Mar 23, 2016
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@ryanbrandenburg ryanbrandenburg

Labels
3 - Done bug
Projects
None yet
Milestone
1.0.0-rc2
Development

No branches or pull requests
5 participants
@Eilon @rynowak @lodejard @HaoK @ryanbrandenburg