c# - Is ValidateAntiForgeryToken autoimplemented with POST? -


i'm reading post considered secure , no, , should implement [validateantiforgerytoken] in every action of every controller.

the question is: need use [validateantiforgerytoken] data annotation when use [post]?

it's off default.
there's reason this. not every post has come form (especially true since question tagged asp.net-core)

you should decorate controller action [validateantiforgerytoken]

[validateantiforgerytoken] public iactionresult post(model model) {     // ... etc }

if you're using form tag helper, automatically add anti forgery token you, <form> markup.

the markup generated like:

<form action="/mycontroller" method="post">     <input name="__requestverificationtoken" type="hidden" value="fhtffhkknsdfhyazftn6c4ybzamsewg0srqluqqloi/oijoijoijojhishg" />     <!-- rest of form here --> </form>

note: can manually enable/disable __requestverificationtoken generation using form helper tags:

<form  asp-controller="mycontroller"   asp-action="myaction"   asp-antiforgery="false"   method="post">

Comments

Post a Comment

Popular posts from this blog

html - How to set bootstrap input responsive width? -

Image
i need inline form calendar in both fields. reason can't rid of space between text , borders of input... here picture of problem i've tried set width parent div , input itself.... no good.. here i've done far. fiddle : <div class="modify_search"> <div class="search_wrapper"> <div class="search_header"> <form class="form-inline"> <div class="left"> <span>du</span> <div class="input-group"> <input type="text" class="form-control search_input" id="inlineforminputgroup"> <div class="input-group-addon"> <i class="fa fa-calendar" aria-hidden="true"></i> </div> </div> </div>
Read more

javascript - Highchart x and y axes data from json -

here js fiddle : demo i plotting differences of timestamps in multiple series reading data json. how plot "timestamp","timestamp2","timestamp3" against "tempersensordata" instead of steps? var processed_json = new array(); //ts1 var processed_json1 = new array(); //ts2 // populate initial series (i = 0; < data.length; i++){ processed_json.push(data[i].timestamp/1000); processed_json1.push(data[i].timestamp2/1000); }
Read more

javascript - Get js console.log as python variable in QWebView pyqt -

Image
i'm trying build application creates html + js code python , loads qwebview. the final html + js code following (raw code available here ): <head><meta charset="utf-8" /><script src="https://cdn.plot.ly/plotly-latest.min.js"></script></head><div id="mydiv" style="height: 100%; width: 100%;" class="plotly-graph-div"></div><script type="text/javascript">window.plotlyenv=window.plotlyenv || {};window.plotlyenv.base_url="https://plot.ly";plotly.newplot("mydiv", [{"type": "scatter", "x": [6.81, 6.78, 6.49, 6.72, 6.88, 7.68, 7.69, 7.38, 6.76, 6.84, 6.91, 6.74, 6.77, 6.73, 6.68, 6.94, 6.72], "y": [1046.67, 1315.0, 1418.0, 997.33, 2972.3, 9700.0, 6726.0, 6002.5, 2096.0, 2470.0, 867.0, 2201.7, 1685.6, 2416.7, 1618.3, 2410.0, 2962.0], "mode": "markers", "ids": [0, 1, 2, 3, 4, 5, 6, 7, 8,
Read more