Merge fix-antiforgery-statuscodepages into dev (share-link 404 fix: session/mix release-mode share + /404 antiforgery ordering)
This commit is contained in:
@@ -54,7 +54,7 @@ public partial class SharePopover : ComponentBase, IDisposable
|
||||
? $"{Navigation.BaseUri.TrimEnd('/')}{ReleaseRoutes.DetailHref(ReleaseEntryKey!, ReleaseMedium)}"
|
||||
: TrackUrl;
|
||||
|
||||
private string TrackUrl => $"{Navigation.BaseUri}track/{EntryKey}";
|
||||
private string TrackUrl => $"{Navigation.BaseUri}tracks/{EntryKey}";
|
||||
|
||||
private string EmbedSnippet =>
|
||||
$"""<iframe src="{Navigation.BaseUri}FramePlayer?TrackEntryKey={EntryKey}" width="656" height="196" frameborder="0" style="border-radius:8px;" allow="autoplay"></iframe>""";
|
||||
|
||||
@@ -46,7 +46,8 @@ else
|
||||
Track="@ViewModel.Track"
|
||||
BackHref="/mixes"
|
||||
BackLabel="All mixes"
|
||||
ShowMeta="@(hasGenre || hasDate)">
|
||||
ShowMeta="@(hasGenre || hasDate)"
|
||||
ShowShareRow="false">
|
||||
<TopRightAction>
|
||||
@* Lava-lamp button top-right, across from the back link. Toggles the INLINE seven-knob
|
||||
control bar that animates open/closed in place below it (lava reframe §7b) — not a
|
||||
@@ -100,6 +101,12 @@ else
|
||||
</div>
|
||||
}
|
||||
</MetaContent>
|
||||
<BodyContent>
|
||||
@* Release-mode share: copies the canonical /mixes/{entryKey} URL, not a single track (§3b). *@
|
||||
<div class="deepdrft-share-row">
|
||||
<SharePopover ReleaseEntryKey="@release.EntryKey" ReleaseMedium="@release.Medium" />
|
||||
</div>
|
||||
</BodyContent>
|
||||
</ReleaseDetailScaffold>
|
||||
</MudContainer>
|
||||
</div>
|
||||
|
||||
@@ -87,12 +87,10 @@ else
|
||||
</div>
|
||||
}
|
||||
</MudStack>
|
||||
@if (ViewModel.Track is not null)
|
||||
{
|
||||
<div class="session-hero-share">
|
||||
<SharePopover EntryKey="@ViewModel.Track.EntryKey" />
|
||||
</div>
|
||||
}
|
||||
@* Release-mode share: copies the canonical /sessions/{entryKey} URL, not a single track (§3b). *@
|
||||
<div class="session-hero-share">
|
||||
<SharePopover ReleaseEntryKey="@release.EntryKey" ReleaseMedium="@release.Medium" />
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@* Bottom overlay: cover thumbnail, title/artist, and the play affordance in one row. *@
|
||||
|
||||
@@ -100,6 +100,10 @@ app.Use(async (context, next) =>
|
||||
await next();
|
||||
});
|
||||
|
||||
// StatusCodePages must sit upstream of UseAntiforgery so that re-executed requests
|
||||
// (e.g. /404) flow through the antiforgery middleware before reaching the endpoint.
|
||||
app.UseStatusCodePagesWithReExecute("/404", createScopeForStatusCodePages: true);
|
||||
|
||||
// Antiforgery is required by Blazor form handling. Authentication / authorization
|
||||
// middleware is intentionally absent — this host is fully anonymous.
|
||||
app.UseAntiforgery();
|
||||
@@ -144,7 +148,4 @@ app.MapRazorComponents<App>()
|
||||
.AddInteractiveWebAssemblyRenderMode()
|
||||
.AddAdditionalAssemblies(typeof(DeepDrftPublic.Client._Imports).Assembly);
|
||||
|
||||
app.UseStatusCodePagesWithReExecute("/404", createScopeForStatusCodePages: true);
|
||||
|
||||
|
||||
app.Run();
|
||||
|
||||
Reference in New Issue
Block a user