File: src\Components\Shared\src\DefaultAntiforgeryStateProvider.cs
Web Access
Project: src\src\Components\Server\src\Microsoft.AspNetCore.Components.Server.csproj (Microsoft.AspNetCore.Components.Server)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using System.Diagnostics.CodeAnalysis;
using Microsoft.AspNetCore.Components.Web;
 
namespace Microsoft.AspNetCore.Components.Forms;
 
internal class DefaultAntiforgeryStateProvider : AntiforgeryStateProvider, IDisposable
{
    private const string PersistenceKey = $"__internal__{nameof(AntiforgeryRequestToken)}";
    private readonly PersistingComponentStateSubscription _subscription;
    private readonly AntiforgeryRequestToken? _currentToken;
 
    [UnconditionalSuppressMessage(
    "Trimming",
    "IL2026:Members annotated with 'RequiresUnreferencedCodeAttribute' require dynamic access otherwise can break functionality when trimming application code",
    Justification = $"{nameof(DefaultAntiforgeryStateProvider)} uses the {nameof(PersistentComponentState)} APIs to deserialize the token, which are already annotated.")]
    public DefaultAntiforgeryStateProvider(PersistentComponentState state)
    {
        // Automatically flow the Request token to server/wasm through
        // persistent component state. This guarantees that the antiforgery
        // token is available on the interactive components, even when they
        // don't have access to the request.
        _subscription = state.RegisterOnPersisting(() =>
        {
            state.PersistAsJson(PersistenceKey, GetAntiforgeryToken());
            return Task.CompletedTask;
        }, RenderMode.InteractiveAuto);
 
        state.TryTakeFromJson(PersistenceKey, out _currentToken);
    }
 
    /// <inheritdoc />
    public override AntiforgeryRequestToken? GetAntiforgeryToken() => _currentToken;
 
    /// <inheritdoc />
    public void Dispose() => _subscription.Dispose();
}