EditForm specifies handler via hidden field

SteveSandersonMS · SteveSandersonMS · commit 72704a494b4d · 2023-07-12T10:26:22.000+01:00
diff --git a/src/Components/Endpoints/src/RazorComponentEndpointInvoker.cs b/src/Components/Endpoints/src/RazorComponentEndpointInvoker.cs
@@ -111,17 +111,17 @@ private async Task<RequestValidationState> ValidateRequestAsync(IAntiforgery? an
             {
                 _context.Response.StatusCode = StatusCodes.Status400BadRequest;
             }
-            var formValid = TrySetFormHandler(out var handler);
+            var formValid = TryGetFormHandler(out var handler);
             return new(valid && formValid, isPost, handler);
         }
 
         return new(true, false, null);
     }
 
-    private bool TrySetFormHandler([NotNullWhen(true)] out string? handler)
+    private bool TryGetFormHandler([NotNullWhen(true)] out string? handler)
     {
         handler = "";
-        if (_context.Request.Query.TryGetValue("handler", out var value))
+        if (_context.Request.Form.TryGetValue("handler", out var value))
         {
             if (value.Count != 1)
             {
diff --git a/src/Components/Web/src/Forms/EditForm.cs b/src/Components/Web/src/Forms/EditForm.cs
@@ -135,26 +135,20 @@ protected override void BuildRenderTree(RenderTreeBuilder builder)
 
         if (BindingContext != null)
         {
-            // This is clearly not right but will be removed shortly anyway
-            var action = !string.IsNullOrEmpty(BindingContext.MappingContextId)
-                ? CombineStrings(BindingContext.MappingContextId, FormHandlerName)
-                : !string.IsNullOrEmpty(FormHandlerName) ? TempNav!.ToBaseRelativePath(TempNav!.GetUriWithQueryParameter("handler", FormHandlerName)) : null;
-            if (!string.IsNullOrEmpty(action))
-            {
-                builder.AddAttribute(1, "action", action);
-            }
-
+            // TODO: Remove bindingcontext.id concept
             builder.AddAttribute(2, "method", "post");
         }
 
         builder.AddMultipleAttributes(3, AdditionalAttributes);
         builder.AddAttribute(4, "onsubmit", _handleSubmitDelegate);
 
+        // In SSR cases, we register onsubmit as a named event and emit other child elements
+        // to include the handler and antiforgery token in the post data
         if (BindingContext != null)
         {
-            var submitEventName = CombineStrings(BindingContext.Name, FormHandlerName);
-            builder.AddNamedEvent(5, "onsubmit", submitEventName ?? string.Empty);
-            RenderSSRFormHandlingChildren(builder, 6);
+            var submitEventName = CombineStrings(BindingContext.Name, FormHandlerName) ?? string.Empty;
+            builder.AddNamedEvent(5, "onsubmit", submitEventName);
+            RenderSSRFormHandlingChildren(builder, 6, submitEventName);
         }
 
         builder.OpenComponent<CascadingValue<EditContext>>(7);
@@ -171,7 +165,7 @@ protected override void BuildRenderTree(RenderTreeBuilder builder)
     private static string? CombineStrings(string? a, string? b)
         => string.IsNullOrEmpty(a) ? b : string.IsNullOrEmpty(b) ? a : $"{a}.{b}";
 
-    private void RenderSSRFormHandlingChildren(RenderTreeBuilder builder, int sequence)
+    private void RenderSSRFormHandlingChildren(RenderTreeBuilder builder, int sequence, string submitEventName)
     {
         builder.OpenRegion(sequence);
 
@@ -182,6 +176,12 @@ private void RenderSSRFormHandlingChildren(RenderTreeBuilder builder, int sequen
         builder.OpenComponent<AntiforgeryToken>(3);
         builder.CloseComponent();
 
+        builder.OpenElement(4, "input");
+        builder.AddAttribute(5, "type", "hidden");
+        builder.AddAttribute(6, "name", "handler");
+        builder.AddAttribute(7, "value", submitEventName);
+        builder.CloseElement();
+
         builder.CloseRegion();
     }
 
diff --git a/src/Components/test/E2ETest/ServerRenderingTests/FormHandlingTests/FormWithParentBindingContextTest.cs b/src/Components/test/E2ETest/ServerRenderingTests/FormHandlingTests/FormWithParentBindingContextTest.cs
@@ -35,7 +35,6 @@ public void CanDispatchToTheDefaultForm(bool suppressEnhancedNavigation)
         {
             Url = "forms/default-form",
             FormCssSelector = "form",
-            ExpectedActionValue = null,
             SuppressEnhancedNavigation = suppressEnhancedNavigation,
         };
         DispatchToFormCore(dispatchToForm);
@@ -50,7 +49,6 @@ public void CanBindParameterToTheDefaultForm(bool suppressEnhancedNavigation)
         {
             Url = "forms/default-form-bound-parameter",
             FormCssSelector = "form",
-            ExpectedActionValue = null,
             InputFieldId = "Parameter",
             InputFieldCssSelector = "input[name=Parameter]",
             InputFieldValue = "stranger",
@@ -68,7 +66,7 @@ public void MultipleParametersMultipleFormsDoNotConflict(bool suppressEnhancedNa
         {
             Url = "forms/multiple-forms-bound-parameter-no-conflicts",
             FormCssSelector = "form[name=bind-integer]",
-            ExpectedActionValue = "forms/multiple-forms-bound-parameter-no-conflicts?handler=bind-integer",
+            ExpectedHandlerValue = "bind-integer",
             InputFieldId = "Id",
             InputFieldCssSelector = "form[name=bind-integer] input[name=Id]",
             InputFieldValue = "abc",
@@ -94,7 +92,7 @@ public void MultipleParametersMultipleFormsBindsToCorrectForm(bool suppressEnhan
         {
             Url = "forms/multiple-forms-bound-parameter-no-conflicts",
             FormCssSelector = "form[name=bind-guid]",
-            ExpectedActionValue = "forms/multiple-forms-bound-parameter-no-conflicts?handler=bind-guid",
+            ExpectedHandlerValue = "bind-guid",
             SubmitButtonId = "send-guid",
             UpdateFormAction = () =>
             {
@@ -121,7 +119,6 @@ public void CanBindMultipleParametersToTheDefaultForm(bool suppressEnhancedNavig
         {
             Url = "forms/default-form-bound-multiple-primitive-parameters",
             FormCssSelector = "form",
-            ExpectedActionValue = null,
             UpdateFormAction = () =>
             {
                 Browser.Exists(By.CssSelector("input[name=Parameter]")).Clear();
@@ -147,7 +144,6 @@ public void CanChangeFormParameterNames(bool suppressEnhancedNavigation)
         {
             Url = "forms/default-form-bound-multiple-primitive-parameters-changed-names",
             FormCssSelector = "form",
-            ExpectedActionValue = null,
             UpdateFormAction = () =>
             {
                 Browser.Exists(By.CssSelector("input[name=UpdatedParameter]")).Clear();
@@ -173,7 +169,6 @@ public void CanDisplayErrorsFromMultipleParametersToTheDefaultForm(bool suppress
         {
             Url = "forms/default-form-bound-multiple-primitive-parameters",
             FormCssSelector = "form",
-            ExpectedActionValue = null,
             UpdateFormAction = () =>
             {
                 Browser.Exists(By.CssSelector("input[name=Parameter]")).Clear();
@@ -211,7 +206,6 @@ public void CanHandleBindingErrorsBindParameterToTheDefaultForm(bool suppressEnh
         {
             Url = "forms/default-form-bound-primitive-parameter",
             FormCssSelector = "form",
-            ExpectedActionValue = null,
             InputFieldId = "Parameter",
             InputFieldCssSelector = "input[name=Parameter]",
             InputFieldValue = "abc",
@@ -651,7 +645,7 @@ public void CanHandleBindingErrorsBindParameterToNamedForm(bool suppressEnhanced
         {
             Url = "forms/named-form-bound-primitive-parameter",
             FormCssSelector = "form[name=named-form-handler]",
-            ExpectedActionValue = "forms/named-form-bound-primitive-parameter?handler=named-form-handler",
+            ExpectedHandlerValue = "named-form-handler",
             InputFieldId = "Parameter",
             InputFieldCssSelector = "input[name=Parameter]",
             InputFieldValue = "abc",
@@ -680,7 +674,6 @@ public void CanReadFormValuesDuringOnInitialized(bool suppressEnhancedNavigation
             Url = "forms/default-form-with-body-on-initialized",
             FormCssSelector = "form",
             InputFieldValue = "stranger",
-            ExpectedActionValue = null,
             SuppressEnhancedNavigation = suppressEnhancedNavigation,
         };
         DispatchToFormCore(dispatchToForm);
@@ -695,7 +688,7 @@ public void CanDispatchToNamedForm(bool suppressEnhancedNavigation)
         {
             Url = "forms/named-form",
             FormCssSelector = "form",
-            ExpectedActionValue = "forms/named-form?handler=named-form-handler",
+            ExpectedHandlerValue = "named-form-handler",
             SuppressEnhancedNavigation = suppressEnhancedNavigation,
         };
         DispatchToFormCore(dispatchToForm);
@@ -710,7 +703,7 @@ public void CanBindFormValueFromNamedFormWithBody(bool suppressEnhancedNavigatio
         {
             Url = "forms/named-form-bound-parameter",
             FormCssSelector = "form",
-            ExpectedActionValue = "forms/named-form-bound-parameter?handler=named-form-handler",
+            ExpectedHandlerValue = "named-form-handler",
             InputFieldId = "Parameter",
             InputFieldCssSelector = "input[name=Parameter]",
             InputFieldValue = "stranger",
@@ -728,7 +721,7 @@ public void CanDispatchToNamedFormInNestedContext(bool suppressEnhancedNavigatio
         {
             Url = "forms/nested-named-form",
             FormCssSelector = "form",
-            ExpectedActionValue = "forms/nested-named-form?handler=parent-context.named-form-handler",
+            ExpectedHandlerValue = "parent-context.named-form-handler",
             SuppressEnhancedNavigation = suppressEnhancedNavigation,
         };
         DispatchToFormCore(dispatchToForm);
@@ -743,7 +736,7 @@ public void CanBindFormValueFromNestedNamedFormWithBody(bool suppressEnhancedNav
         {
             Url = "forms/nested-named-form-bound-parameter",
             FormCssSelector = "form",
-            ExpectedActionValue = "forms/nested-named-form-bound-parameter?handler=parent-context.named-form-handler",
+            ExpectedHandlerValue = "parent-context.named-form-handler",
             InputFieldId = "Parameter",
             InputFieldCssSelector = "input[name=Parameter]",
             InputFieldValue = "stranger",
@@ -761,7 +754,6 @@ public void CanDispatchToFormDefinedInNonPageComponent(bool suppressEnhancedNavi
         {
             Url = "forms/form-defined-inside-component",
             FormCssSelector = "form",
-            ExpectedActionValue = null,
             SuppressEnhancedNavigation = suppressEnhancedNavigation,
         };
         DispatchToFormCore(dispatchToForm);
@@ -774,7 +766,6 @@ public void CannotRenderAmbiguousForms()
         {
             Url = "forms/ambiguous-forms",
             FormCssSelector = "form",
-            ExpectedActionValue = null,
             DispatchEvent = false,
             ShouldCauseInternalServerError = true,
         };
@@ -788,7 +779,6 @@ public void CanDispatchToFormRenderedAsynchronously()
         {
             Url = "forms/async-rendered-form",
             FormCssSelector = "form",
-            ExpectedActionValue = null
         };
         DispatchToFormCore(dispatchToForm);
     }
@@ -800,7 +790,6 @@ public void FormThatDisappearsBeforeQuiesceDoesNotBind()
         {
             Url = "forms/disappears-before-dispatching",
             FormCssSelector = "form",
-            ExpectedActionValue = null,
             SubmitButtonId = "test-send",
             ShouldCauseInternalServerError = true,
         };
@@ -860,7 +849,6 @@ public void FormNoAntiforgeryReturnBadRequest(bool suppressEnhancedNavigation)
         {
             Url = "forms/no-antiforgery",
             FormCssSelector = "form",
-            ExpectedActionValue = null,
             ShouldCauseBadRequest = true,
             SuppressEnhancedNavigation = suppressEnhancedNavigation,
         };
@@ -876,7 +864,6 @@ public void FormAntiforgeryCheckDisabledOnPage(bool suppressEnhancedNavigation)
         {
             Url = "forms/disable-antiforgery-check",
             FormCssSelector = "form",
-            ExpectedActionValue = null,
             SuppressEnhancedNavigation = suppressEnhancedNavigation,
         };
         DispatchToFormCore(dispatchToForm);
@@ -889,7 +876,6 @@ public void FormCanAddAntiforgeryAfterTheResponseHasStarted()
         {
             Url = "forms/antiforgery-after-response-started",
             FormCssSelector = "form",
-            ExpectedActionValue = null,
             SuppressEnhancedNavigation = true,
         };
         DispatchToFormCore(dispatchToForm);
@@ -904,7 +890,6 @@ public void FormElementWithAntiforgery(bool suppressEnhancedNavigation)
         {
             Url = "forms/form-element-antiforgery",
             FormCssSelector = "form",
-            ExpectedActionValue = null,
             SuppressEnhancedNavigation = suppressEnhancedNavigation,
         };
         DispatchToFormCore(dispatchToForm);
@@ -951,10 +936,12 @@ private void DispatchToFormCore(DispatchToForm dispatch)
 
         Browser.Exists(By.Id(dispatch.Ready));
         var form = Browser.Exists(By.CssSelector(dispatch.FormCssSelector));
-        var formTarget = form.GetAttribute("action");
-        var actionValue = form.GetDomAttribute("action");
-        Assert.Equal(dispatch.ExpectedTarget, formTarget);
-        Assert.Equal(dispatch.ExpectedActionValue, actionValue);
+
+        if (dispatch.ExpectedHandlerValue != null)
+        {
+            var handlerInput = form.FindElement(By.CssSelector("input[type=hidden][name=handler]"));
+            Assert.Equal(dispatch.ExpectedHandlerValue, handlerInput.GetAttribute("value"));
+        }
 
         if (!dispatch.DispatchEvent)
         {
@@ -1023,7 +1010,7 @@ private void DispatchToFormCore(DispatchToForm dispatch)
             {
                 // Verify the same form element is still in the page
                 // We wouldn't be allowed to read the attribute if the element is stale
-                Assert.Equal(dispatch.ExpectedTarget, form.GetAttribute("action"));
+                Assert.Equal("post", form.GetAttribute("method"));
             }
         }
     }
@@ -1040,11 +1027,9 @@ public DispatchToForm(FormWithParentBindingContextTest test) : this()
         public string SubmitPassId = "pass";
         public string Ready = "ready";
         public string FormCssSelector;
-        public string ExpectedActionValue;
+        public string ExpectedHandlerValue;
         public string InputFieldValue;
 
-        public string ExpectedTarget => $"{Base}/{ExpectedActionValue ?? Url}";
-
         public bool DispatchEvent { get; internal set; } = true;
 
         public string SubmitButtonId { get; internal set; } = "send";
diff --git a/src/Components/test/E2ETest/ServerRenderingTests/FormHandlingTests/NamedFormNoParentBindingContextTest.cs b/src/Components/test/E2ETest/ServerRenderingTests/FormHandlingTests/NamedFormNoParentBindingContextTest.cs
@@ -32,12 +32,7 @@ public void CanDispatchToNamedFormNoParentBindingContext()
         Browser.Exists(By.Id("ready"));
 
         var form = Browser.Exists(By.CssSelector("form"));
-        var formTarget = form.GetAttribute("action");
-        var actionValue = form.GetDomAttribute("action");
-        var baseUri = new Uri(_serverFixture.RootUri, ServerPathBase).ToString();
-
-        Assert.Equal($"{baseUri}/?handler=named-form-handler", formTarget);
-        Assert.Equal("?handler=named-form-handler", actionValue);
+        Browser.Equal("named-form-handler", () => form.FindElement(By.CssSelector("input[name=handler]")).GetAttribute("value"));
 
         Browser.Click(By.Id("send"));
         Browser.Exists(By.Id("pass"));
diff --git a/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Forms/ActionForm.cs b/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Forms/ActionForm.cs
@@ -47,19 +47,20 @@ void RenderFormContents(RenderTreeBuilder builder, FormMappingContext? bindingCo
         {
             builder.OpenElement(0, "form");
             builder.AddAttribute(1, "name", bindingContext.Name);
-
-            if (!string.IsNullOrEmpty(bindingContext?.MappingContextId))
-            {
-                builder.AddAttribute(2, "action", bindingContext.MappingContextId);
-            }
-
-            builder.AddAttribute(3, "method", "POST");
-            builder.AddAttribute(4, "onsubmit", async () => await OnSubmit.InvokeAsync(bindingContext));
+            builder.AddAttribute(6, "method", "POST");
+            builder.AddAttribute(7, "onsubmit", async () => await OnSubmit.InvokeAsync(bindingContext));
 
             if (bindingContext != null)
             {
                 builder.AddNamedEvent(5, "onsubmit", bindingContext.Name);
+
+                builder.OpenElement(2, "input");
+                builder.AddAttribute(3, "type", "hidden");
+                builder.AddAttribute(4, "name", "handler");
+                builder.AddAttribute(5, "value", bindingContext.Name);
+                builder.CloseElement();
             }
+
             builder.AddContent(6, ChildContent?.Invoke(bindingContext));
 
             builder.CloseElement();

Original file line number	Diff line number	Diff line change
`@@ -111,17 +111,17 @@ private async Task<RequestValidationState> ValidateRequestAsync(IAntiforgery? an`
`111`	`111`	`{`
`112`	`112`	`_context.Response.StatusCode = StatusCodes.Status400BadRequest;`
`113`	`113`	`}`
`114`		`- var formValid = TrySetFormHandler(out var handler);`
	`114`	`+ var formValid = TryGetFormHandler(out var handler);`
`115`	`115`	`return new(valid && formValid, isPost, handler);`
`116`	`116`	`}`
`117`	`117`
`118`	`118`	`return new(true, false, null);`
`119`	`119`	`}`
`120`	`120`
`121`		`- private bool TrySetFormHandler([NotNullWhen(true)] out string? handler)`
	`121`	`+ private bool TryGetFormHandler([NotNullWhen(true)] out string? handler)`
`122`	`122`	`{`
`123`	`123`	`handler = "";`
`124`		`- if (_context.Request.Query.TryGetValue("handler", out var value))`
	`124`	`+ if (_context.Request.Form.TryGetValue("handler", out var value))`
`125`	`125`	`{`
`126`	`126`	`if (value.Count != 1)`
`127`	`127`	`{`