
How do I implement Anti-Forgery in Blazor ver 8 InteractiveServer?

I am converting a Blazor ver 6/7 Server to ver 8 InteractiveServer.

In ver 6/7 I set up anti-forgery with the following in _Host.cshtml

@inject IAntiforgery Xsrf
// ...
<body>
    @{
        var initialTokenState = new InitialApplicationState
            {
                XsrfToken = Xsrf.GetAndStoreTokens(HttpContext).RequestToken,
                Cookie = HttpContext.Request.Cookies[".AspNetCore.Cookies"],
                RemoteIp = HttpContext.GetRemoteIpAddress(Logger)
            };
    }

I moved the content of _Host.cshtml to App.razor and in App.razor, it has no HttpContext property. This documentation discusses submitting a form, but nothing about setting it up for rendering a page. When I try to run and render a page (no form on it), I get:

InvalidOperationException: Endpoint /sitemap (/sitemap) contains anti-forgery metadata, but a middleware was not found that supports anti-forgery.
Configure your application startup by adding app.UseAntiforgery() in the application startup code. If there are calls to app.UseRouting() and app.UseEndpoints(...), the call to app.UseAntiforgery() must go between them. Calls to app.UseAntiforgery() must be placed after calls to app.UseAuthentication() and app.UseAuthorization().

Clearly there are different steps I should be taking for anti-forgery in version 8. Where is this documented? And in my case - no endpoints. My app is going from rendermode ver 6/7 server to ver 8 InteractiveServer. (And a Google search for useantiforgery just leads to others asking about all this.)

Update: The ver 6/7 approach also depends on:

[Parameter]
public InitialApplicationState? InitialState { get; set; }

That is now null. If this all goes away, no problem. But if InitialApplicationState is still needed, where/how do I get that?
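
The middleware ordering that the exception message above asks for, shown as an added example (not code from the original post). It assumes a .NET 8 Blazor Web App with cookie authentication; the MyApp.Components namespace and the App root component name are assumptions.

```csharp
// Program.cs (added example; MyApp.Components is a hypothetical namespace)
using Microsoft.AspNetCore.Authentication.Cookies;
using MyApp.Components;

var builder = WebApplication.CreateBuilder(args);

// AddRazorComponents also registers the antiforgery services, so no
// separate AddAntiforgery() call is needed for the default options.
builder.Services.AddRazorComponents()
    .AddInteractiveServerComponents();

// Cookie authentication; the default cookie name for this scheme is
// ".AspNetCore.Cookies", the cookie read in the _Host.cshtml snippet.
builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie();
builder.Services.AddAuthorization();

var app = builder.Build();

app.UseHttpsRedirection();
app.UseStaticFiles();

// Order matters: authentication and authorization run first.
app.UseAuthentication();
app.UseAuthorization();

// Razor component endpoints carry antiforgery metadata in .NET 8, even for
// pages with no form on them. Without this middleware the request fails
// with the InvalidOperationException quoted in the question.
app.UseAntiforgery();

// Maps every routable component (such as /sitemap) as an endpoint and
// enables the InteractiveServer render mode for them.
app.MapRazorComponents<App>()
    .AddInteractiveServerRenderMode();

app.Run();
```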

