Emit antiforgery only when streaming

javiercn · javiercn · commit 6b7447d256b3 · 2025-07-10T12:51:13.000+02:00
diff --git a/src/Components/Endpoints/src/RazorComponentEndpointInvoker.cs b/src/Components/Endpoints/src/RazorComponentEndpointInvoker.cs
@@ -76,14 +76,6 @@ private async Task RenderComponentCore(HttpContext context)
             return;
         }
 
-        context.Response.OnStarting(() =>
-        {
-            // Generate the antiforgery tokens before we start streaming the response, as it needs
-            // to set the cookie header.
-            antiforgery!.GetAndStoreTokens(context);
-            return Task.CompletedTask;
-        });
-
         if (httpActivityContext != default)
         {
             _activityLinkStore.SetActivityContext(ComponentsActivityLinkStore.Http, httpActivityContext, null);
@@ -154,6 +146,8 @@ await _renderer.InitializeStandardComponentServicesAsync(
 
         if (!quiesceTask.IsCompletedSuccessfully)
         {
+            // We need to ensure that the antiforgery tokens are generated and stored in the response
+            antiforgery!.GetAndStoreTokens(context);
             await _renderer.SendStreamingUpdatesAsync(context, quiesceTask, bufferWriter);
         }
         else

Original file line number	Diff line number	Diff line change
`@@ -76,14 +76,6 @@ private async Task RenderComponentCore(HttpContext context)`
`76`	`76`	`return;`
`77`	`77`	`}`
`78`	`78`
`79`		`- context.Response.OnStarting(() =>`
`80`		`- {`
`81`		`- // Generate the antiforgery tokens before we start streaming the response, as it needs`
`82`		`- // to set the cookie header.`
`83`		`- antiforgery!.GetAndStoreTokens(context);`
`84`		`- return Task.CompletedTask;`
`85`		`- });`
`86`		`-`
`87`	`79`	`if (httpActivityContext != default)`
`88`	`80`	`{`
`89`	`81`	`_activityLinkStore.SetActivityContext(ComponentsActivityLinkStore.Http, httpActivityContext, null);`
`@@ -154,6 +146,8 @@ await _renderer.InitializeStandardComponentServicesAsync(`
`154`	`146`
`155`	`147`	`if (!quiesceTask.IsCompletedSuccessfully)`
`156`	`148`	`{`
	`149`	`+ // We need to ensure that the antiforgery tokens are generated and stored in the response`
	`150`	`+ antiforgery!.GetAndStoreTokens(context);`
`157`	`151`	`await _renderer.SendStreamingUpdatesAsync(context, quiesceTask, bufferWriter);`
`158`	`152`	`}`
`159`	`153`	`else`