You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A classic API controller, not a minimal API, binding FromForm or IFormFile should participate in antiforgery. The only way to do that is with this new [RequireAntiforgeryToken] attribute.
It would be nice if this were documented, but it is not. I have opened a separate issue in the documentation repository (dotnet/AspNetCore.Docs#33740).
A classic API controller, not a minimal API, binding
FromForm
orIFormFile
should participate in antiforgery. The only way to do that is with this new[RequireAntiforgeryToken]
attribute.It would be nice to have a rule like CA5391.
It would be nice if this were documented, but it is not. I have opened a separate issue in the documentation repository (dotnet/AspNetCore.Docs#33740).
https://learn.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-8.0
The text was updated successfully, but these errors were encountered: