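ASP.NET MVC: POST, DELETE and PUT requests return 400 (Bad Request)

I recently ran into a case where POST, DELETE and PUT requests returned 400 (Bad Request) while GET requests worked normally.

After a few days of troubleshooting, I found it was caused by the "Prevent Cross-Site Request Forgery (CSRF) attacks in ASP.NET MVC applications" protection.

Solution: add RequestVerificationToken to the request headers.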

        @inject Microsoft.AspNetCore.Antiforgery.IAntiforgery Antiforgery
        @{
            ViewData["Title"] = "JavaScript";

            var requestToken = Antiforgery.GetAndStoreTokens(Context).RequestToken;
            ViewData["requestToken"] = requestToken;
        }

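        <script>
            // Expose the antiforgery request token to client-side scripts
            window.requestToken = '@ViewData["requestToken"]';
        </script>

This saves the RequestVerificationToken obtained from the server in window.requestToken.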

    /**
     * Process the request
     * @param options the request
     * @returns the request
     */
    protected transformOptions(options: RequestInit): Promise<RequestInit> {
        
        options.headers = {
            ...options.headers,
            "X-Requested-With": "XMLHttpRequest",        // marks the request as Ajax; if set to null it is a synchronous request
            Requestverificationtoken: (window as any).requestToken, // add the anti-CSRF token; the value is obtained from the server in _Layout.cshtml
            //Authorization: this.config.getAuthorization(),
            //// myHeader: 'myValue',
            //// RequestVerificationToken: 'CfDJ8FCgiLCUL_FLjrQW8lKC-eRvgHLok720aMhC9hPfMIQDgHk23OAOkkvakfENTUfHv6jjdLpXIn5tqlHtp5mVMBZEqUjfz7iNsQqODcF4TOvktJPEyDK8gVOUsxuj0lyZ8SFVgNUPqGejONIJhimRIoc',
            //'accept-language': this.config.getAcceptLanguage() || ''
        }

        // Send cookies with cross-origin requests
        //options.credentials = 'include'
        //// Indicates that the request will use CORS
        //options.mode = 'cors'
        options.cache = 'default'
        console.log('transformOptions', 'options:', options)
        return Promise.resolve(options)
    }

When the request is processed, Requestverificationtoken is added to the request headers.
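As an added example (not the original author's code), here is a variant of the header logic above that attaches the token only to unsafe methods sent to the page's own origin, so it is never forwarded to third-party hosts. The function name `addAntiforgeryHeader`, the `RequestOptions` type and the sample URLs are assumptions; `RequestVerificationToken` is the ASP.NET Core default header name.

```typescript
// Added example: minimal option type so the snippet does not depend on DOM typings.
interface RequestOptions {
    method?: string;
    headers?: Record<string, string>;
}

// Methods that ASP.NET Core antiforgery validation does not require a token for.
const SAFE_METHODS: string[] = ["GET", "HEAD", "OPTIONS", "TRACE"];

/**
 * Returns a copy of `options` with the antiforgery header added when, and only
 * when, the request is state-changing and targets the page's own origin.
 * `pageOrigin` would be window.location.origin in the browser (assumption).
 */
function addAntiforgeryHeader(
    url: string,
    pageOrigin: string,
    token: string | undefined,
    options: RequestOptions = {}
): RequestOptions {
    const method = (options.method || "GET").toUpperCase();
    // Relative URLs are resolved against the page, as fetch() would do.
    const target = new URL(url, pageOrigin);
    const sameOrigin = target.origin === new URL(pageOrigin).origin;

    // Safe methods are not validated, and other origins must never see the token.
    if (SAFE_METHODS.indexOf(method) !== -1 || !sameOrigin) {
        return { ...options, method };
    }
    // Fail loudly on the client instead of getting an unexplained 400 from the server.
    if (!token) {
        throw new Error("no antiforgery token for " + method + " " + target.pathname);
    }
    return {
        ...options,
        method,
        headers: { ...options.headers, RequestVerificationToken: token },
    };
}

// Constructed sample values for illustration.
const sample = addAntiforgeryHeader(
    "/api/items/1", "https://app.example", "constructed-token", { method: "delete" }
);
console.log(sample);
```
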

I'm writing this post as a record.

 

posted @ 2024-03-22 17:28  $("#阿飞")