Merge fix-antiforgery-statuscodepages into dev (share-link 404 fix: session/mix release-mode share + /404 antiforgery ordering)

This commit is contained in:
daniel-c-harvey
2026-06-16 20:01:36 -04:00
4 changed files with 17 additions and 11 deletions
@@ -54,7 +54,7 @@ public partial class SharePopover : ComponentBase, IDisposable
? $"{Navigation.BaseUri.TrimEnd('/')}{ReleaseRoutes.DetailHref(ReleaseEntryKey!, ReleaseMedium)}"
: TrackUrl;
private string TrackUrl => $"{Navigation.BaseUri}track/{EntryKey}";
private string TrackUrl => $"{Navigation.BaseUri}tracks/{EntryKey}";
private string EmbedSnippet =>
$"""<iframe src="{Navigation.BaseUri}FramePlayer?TrackEntryKey={EntryKey}" width="656" height="196" frameborder="0" style="border-radius:8px;" allow="autoplay"></iframe>""";
+8 -1
View File
@@ -46,7 +46,8 @@ else
Track="@ViewModel.Track"
BackHref="/mixes"
BackLabel="All mixes"
ShowMeta="@(hasGenre || hasDate)">
ShowMeta="@(hasGenre || hasDate)"
ShowShareRow="false">
<TopRightAction>
@* Lava-lamp button top-right, across from the back link. Toggles the INLINE seven-knob
control bar that animates open/closed in place below it (lava reframe §7b) — not a
@@ -100,6 +101,12 @@ else
</div>
}
</MetaContent>
<BodyContent>
@* Release-mode share: copies the canonical /mixes/{entryKey} URL, not a single track (§3b). *@
<div class="deepdrft-share-row">
<SharePopover ReleaseEntryKey="@release.EntryKey" ReleaseMedium="@release.Medium" />
</div>
</BodyContent>
</ReleaseDetailScaffold>
</MudContainer>
</div>
@@ -87,12 +87,10 @@ else
</div>
}
</MudStack>
@if (ViewModel.Track is not null)
{
<div class="session-hero-share">
<SharePopover EntryKey="@ViewModel.Track.EntryKey" />
</div>
}
@* Release-mode share: copies the canonical /sessions/{entryKey} URL, not a single track (§3b). *@
<div class="session-hero-share">
<SharePopover ReleaseEntryKey="@release.EntryKey" ReleaseMedium="@release.Medium" />
</div>
</div>
@* Bottom overlay: cover thumbnail, title/artist, and the play affordance in one row. *@
+4 -3
View File
@@ -100,6 +100,10 @@ app.Use(async (context, next) =>
await next();
});
// StatusCodePages must sit upstream of UseAntiforgery so that re-executed requests
// (e.g. /404) flow through the antiforgery middleware before reaching the endpoint.
app.UseStatusCodePagesWithReExecute("/404", createScopeForStatusCodePages: true);
// Antiforgery is required by Blazor form handling. Authentication / authorization
// middleware is intentionally absent — this host is fully anonymous.
app.UseAntiforgery();
@@ -144,7 +148,4 @@ app.MapRazorComponents<App>()
.AddInteractiveWebAssemblyRenderMode()
.AddAdditionalAssemblies(typeof(DeepDrftPublic.Client._Imports).Assembly);
app.UseStatusCodePagesWithReExecute("/404", createScopeForStatusCodePages: true);
app.Run();