服务器无法追加头HTTP标头后,必须在@ Html.AntiForgery发送异常 [英] Server Cannot Append Header After HTTP headers have been sent Exception at @Html.AntiForgery
问题描述
我正在开发中,我试图通过采用code以下重定向到RETURNURL一个asp.net mvc的5应用程序:
[HttpPost]
[使用AllowAnonymous]
公众的ActionResult登录(用户登陆模式,串RETURNURL)
{
如果(ModelState.IsValid)
{
字符串EncryptedPassword = GetMD5(model.Password);
如果(DataAccess.DAL.UserIsValid(model.Username,EncryptedPassword))
{
FormsAuthentication.SetAuthCookie(model.Username,真);
如果(String.IsNullOrEmpty(RETURNURL))
{
返回RedirectToAction(指数,家);
}
其他
{
的Response.Redirect(RETURNURL);
}
}
其他
{
ModelState.AddModelError(,无效的用户名或密码);
}
}
返回查看();
}
以上code工作正常,但问题是,当我发表登录表单,它给了我,我从来没有遇到之前的异常,我在解析一个产生在异常困难在Login.cshtml认为,在行:
@ Html.AntiForgeryToken()
和不同之处在于它抛出:
服务器后无法HTTP标头已被送往追加头。
我已经研究了很多,但我无法得到的结论。当我删除我的应用程序工作正常@ Html.AntiForgeryToken()线,但我不想这样做,我想我的应用程序保持跨站点请求保护。
任何人都可以请帮我,我该如何摆脱这种异常的?
在的Response.Redirect(anyUrl)
状态code被设置好的302
和头将添加到反应
HTTP 1.0 302移动对象
地点:http://anyurl.com
当的ViewResult
被执行,剃刀渲染视图中的 Html.AntiForgeryToken()
将调用,所以助手尝试添加标题 X-框架 - 选项
和一些饼干到响应,它是异常的原因。
但不要担心,你可以用su preSS加入 X-框架 - 选项
头的,只是把这个 AntiForgeryConfig.Sup pressXFrameOptionsHeader = TRUE;
在的Application_Start
但我建议你可以改变:
的Response.Redirect(RETURNURL);
到
返回重定向(RETURNURL);
块引用>注意
由于.NET code被打开了,你可以看到如何在 AntiForgeryToken 的作品,看到这里的AntiForgeryWorker
块引用>I'm developing an asp.net mvc 5 application in which I was trying to redirect to the ReturnUrl by applying the code below :
[HttpPost] [AllowAnonymous] public ActionResult Login(UserLogin model, string returnUrl) { if (ModelState.IsValid) { string EncryptedPassword = GetMD5(model.Password); if (DataAccess.DAL.UserIsValid(model.Username, EncryptedPassword)) { FormsAuthentication.SetAuthCookie(model.Username, true); if (String.IsNullOrEmpty(returnUrl)) { return RedirectToAction("Index", "Home"); } else { Response.Redirect(returnUrl); } } else { ModelState.AddModelError("", "Invalid Username or Password"); } } return View(); }
The above code is working fine, But the problem is that when I Post the login form, it gives me an Exception that I've never faced Before and I'm having difficulties resolving the exception that is generating in the view in Login.cshtml, At Line :
@Html.AntiForgeryToken()
And the Exception That it throws :
Server cannot append header after HTTP headers have been sent.
I've researched a lot but I'm unable to get to the conclusion. My application works fine when I remove @Html.AntiForgeryToken() line, But I don't want to do this, I want my application to remain cross-site request protected.
Can Anyone Please Help me out, How do I get rid of this Exception?
解决方案When
Response.Redirect(anyUrl)
the status code is setted to 302 and the header will added to the response :HTTP 1.0 302 Object Moved Location: http://anyurl.com
And when
ViewResult
is executed and razor render the view theHtml.AntiForgeryToken()
will called, so the helper try to add headerX-Frame-Options
and some cookies to the response, it is the cause of the exception.But dont worry you can supress the addition of
X-Frame-Options
header, just put thisAntiForgeryConfig.SuppressXFrameOptionsHeader = true;
in theApplication_start
.But I suggest you to change this:
Response.Redirect(returnUrl);
to
return Redirect(returnUrl);
Note
Since .NET code was opened you can see how the AntiForgeryToken works, see here AntiForgeryWorker
这篇关于服务器无法追加头HTTP标头后,必须在@ Html.AntiForgery发送异常的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!