Why ngx-uploader doesn't like to cooperate with .net core 2.x?

the post action seems to have no effect on the .net core controller.

if you put [ignoreantiforgerytoken] attribute on the server controller method, it works. but dont' leave it like that exposing vulnerability.

turns out, angular uses a particular header name "x-xsrf-token" to store token for the server to accept: 

the following client code snippet in the angular 6 component works. it's just part of . only to note the headers line.

const event: uploadinput = {
type: 'uploadall',
url: this.upload_api_url + '?guid=' + this.guid,
method: 'post',
headers: {'x-xsrf-token': this._cookieservice.get("xsrf-token")},
withcredentials: true,
data: { foo: 'bar' }
};

_cookieservice is an injected service using . you may use any cookie tool.