Cannot add HttpJob via API

[daz-codersoft]

This project is very useful to me. I have had HttpJob working fine for a while, but I now want to programmatically add jobs (I was adding them manually through the dashboard).

After several hours of tracking things through, I found two possible improvements to the instructions to help people get started:

1. Install-Package Hangfire.Dashboard.BasicAuthorization is required for the authorization
2. DashboardOptions also requires IgnoreAntiforgeryToken = true. I'm new to this area so there may be a "better" (more secure) way to do this (add an antiforgery token to the call?). If so, I'd love to hear it.

Darryl

[yuzd]

hi Darryl , Thanks for your feedback！ Do you wish not to Install-Package Hangfire.Dashboard.BasicAuthorization（ IgnoreAntiforgeryToken = true）， go by other way to ensure safety？

If that's the case, I think your proposal is a good idea， just configure the token in the hangfire server configuration file and verify it, then add a token field in the request body when adding it with Hangfire.HttpJob.Client.

How do you feel about this, or do you have a better suggestion

[daz-codersoft]

Thanks for the follow-up.

I'm far from an expert in security, so possibly the IgnoreAntiforgeryToken = true is a perfectly acceptable solution. But because it wasn't documented, it took me a long time to work out - I had to go through your regression tests closely and look for differences between our configurations. So my only issue is with your docs as they don't mention its use - a line in your Readme.md may save somebody else the time I spent.

I did just find https://github.com/HangfireIO/Hangfire/issues/1248 - near the bottom there is a mention to use IgnoreAntiforgeryToken so it must be the acceptable solution. So I would just suggest the simple documentation update.

Best regards, Darryl

[yuzd]

i see, thanks

https://github.com/yuzd/Hangfire.HttpJob/wiki/%E6%8E%88%E6%9D%83%E9%97%AE%E9%A2%98