Antiforgery integration for minimal APIs #173
Description
See Antiforgery integration for minimal APIs
and this sample
In this code I pass in the action so
app.MapGet("/DisableAntiforgery", () =>
{
return Results.Content(MyHtml.html("/todo"), "text/html");
});
app.MapGet("/post2", () =>
{
return Results.Content(MyHtml.html("/todo2"), "text/html");
});
Can use the same HTML when they pass in the action arg.
Is there a clean way to do this to pass in an arg for
<input name="{token.FormFieldName}"
type="hidden" value="{token.RequestToken}" />
Maybe that makes things too messy. Perhaps I should duplicate most of the HTML and not get the HTML from a method while passing the action.
public static string html2(string action, AntiforgeryTokenSet token) => $"""
<html><body>
<form action="{action}" method="POST" enctype="multipart/form-data">
<input name="{token.FormFieldName}"
type="hidden" value="{token.RequestToken}" />
<input type="text" name="name" />
<input type="date" name="dueDate" />
<input type="checkbox" name="isCompleted" />
<input type="submit" />
</form>
</body></html>
""";
Works, but I'm not sure it's an improvement. There's no way to pass in a null token.
cc @guardrex