Browse Source

Fixed auth ajax request not allowing cross-domain.

master
Teknikode 6 years ago
parent
commit
897fd5ecfd
  1. 2
      Teknik/Areas/Profile/Views/Profile/Login.cshtml
  2. 2
      Teknik/Areas/Profile/Views/Profile/Register.cshtml
  3. 6
      Teknik/Global.asax.cs
  4. 3
      Teknik/Scripts/Common.js
  5. 2
      Teknik/Web.config

2
Teknik/Areas/Profile/Views/Profile/Login.cshtml

@ -2,7 +2,7 @@ @@ -2,7 +2,7 @@
@if (Model.Config.UserConfig.LoginEnabled)
{
<form role="form" id="loginForm" action="@Url.SubRouteUrl("www", "Profile.Login")" method="post" accept-charset="UTF-8">
<form role="form" id="loginForm" action="@Url.SubRouteUrl("profile", "Profile.Login")" method="post" accept-charset="UTF-8">
<input name="ReturnUrl" id="ReturnUrl" type="hidden" value="@Model.ReturnUrl" />
<div class="form-group">
<input type="text" class="form-control" id="Username" value="" placeholder="Username" name="Username" data-val-required="The Username field is required." data-val="true" />

2
Teknik/Areas/Profile/Views/Profile/Register.cshtml

@ -2,7 +2,7 @@ @@ -2,7 +2,7 @@
@if (Model.Config.UserConfig.RegistrationEnabled)
{
<form role="form" id="registrationForm" action="@Url.SubRouteUrl("www", "Profile.Register")" method="post" accept-charset="UTF-8">
<form role="form" id="registrationForm" action="@Url.SubRouteUrl("profile", "Profile.Register")" method="post" accept-charset="UTF-8">
<input name="ReturnUrl" id="ReturnUrl" type="hidden" value="@Model.ReturnUrl" />
<div class="form-group">
<input type="text" class="form-control" id="Username" value="" placeholder="Username" name="Username" data-val-required="The Username field is required." data-val="true"/>

6
Teknik/Global.asax.cs

@ -15,6 +15,7 @@ using System.ComponentModel; @@ -15,6 +15,7 @@ using System.ComponentModel;
using Teknik.Areas.Error.Controllers;
using System.Web.Helpers;
using System.Diagnostics;
using System.Collections.Specialized;
namespace Teknik
{
@ -54,6 +55,11 @@ namespace Teknik @@ -54,6 +55,11 @@ namespace Teknik
string elapsedTime = String.Format("{0} seconds", ts.TotalSeconds);
context.Response.AppendHeader("GenerationTime", elapsedTime);
// Allow this domain
string origin = context.Request.Headers.Get("Origin");
if (!string.IsNullOrEmpty(origin))
context.Response.AppendHeader("Access-Control-Allow-Origin", origin);
}
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)

3
Teknik/Scripts/Common.js

@ -12,6 +12,9 @@ @@ -12,6 +12,9 @@
type: "POST",
url: form.attr('action'),
data: form.serialize(),
xhrFields: {
withCredentials: true
},
success: function (html) {
if (html.result) {
window.location.reload();

2
Teknik/Web.config

@ -46,7 +46,7 @@ @@ -46,7 +46,7 @@
</security>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Credentials" value="true" />
<add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Accept, Content-Type" />
</customHeaders>

Loading…
Cancel
Save