I'm trying to add a kendo grid to a Razor Pages app. The grid is simple, pretty much straight out of the samples. However, when I load the page, I get an empty grid and the error below (also on the attached screenshot):
Migrate entirely to HTTPS to have cookies sent to same-site subresources
A cookie was not sent to an insecure origin from a secure context. Because this cookie would have been sent across schemes on the same site, it was not sent. This behavior enhances the SameSite
attribute’s protection of user data from request forgery by network attackers.
Resolve this issue by migrating your site (as defined by the eTLD+1) entirely to HTTPS. It is also recommended to mark the cookie with the Secure
attribute if that is not already the case.
Here's the code:
Page:
@(Html.Kendo().Grid<tblEmployeeHardware>()
.Name("grid")
.Groupable()
.Sortable()
.Editable()
.Scrollable()
.Columns(columns =>
{
columns.Bound(column => column.HardwareDescription);
...
columns.Bound(column => column.SerialNumber);
columns.Command(column =>
{
column.Destroy();
}).Width(230);
})
.DataSource(ds => ds.Ajax()
.Read(r => r.Url("/Groups/IT/Hardware?handler=Read").Data("forgeryToken"))
.Destroy(d => d.Url("/Groups/IT/Hardware?handler=DeleteHardware").Data("forgeryToken"))
.Model(m => m.Id(id => id.Id))
.PageSize(30)
)
.Pageable()
)
<script>
function forgeryToken() {
return kendo.antiForgeryTokens();
}
</script>
Model:
public JsonResult OnPostDeleteHardware([DataSourceRequest] DataSourceRequest request, tblEmployeeHardware model)
{
var db = new DbAccessHelper(Settings);
db.CreateUpdateDelete("DELETE FROM tblEmployeeHardware WHERE Id = @ID",
new Dictionary<string, string> { { "ID", model.Id.ToString() } });
return new JsonResult(new[] { model }.ToDataSourceResult(request, ModelState));
}
public JsonResult OnGetRead([DataSourceRequest] DataSourceRequest request, string additionalParameter)
{
var ret = getHardware();
//The received parameter "additionalParameter" can be used for filtering/checking the data before returning it to the Grid.
return new JsonResult(ret.ToDataSourceResult(request));
}
I added the [RequireHttps] attribute to the SharedModel, and the following to program.cs:
builder.Services.ConfigureApplicationCookie(options =>
{
options.Cookie.SameSite = SameSiteMode.None;
});
Neither helped.
Can you guys give me a hand here?