GenHTTP icon indicating copy to clipboard operation
GenHTTP copied to clipboard

Published 20 hours ago verified publisher icon Kaliumhexacyanoferrat

Add CSFR protection

Open Kaliumhexacyanoferrat opened this issue 4 years ago • 0 comments

As the operator of a web application, I want the server only to handle state-changing requests issued by legitimate clients.

Example

var protected = Layout.Create().CsfrProtection();

var token = this.FindParent<ICsfrTokenProvider>().Generate();

Acceptance criteria

  • The CSFR protection concern will deny all state changing requests without or with an invalid CSFR token
  • Handlers can easily generate a CSFR token to be sent to the server
  • CSFR protection support is added to all handlers provided by the framework
  • The protection is not vulnerable to replay attacks

Kaliumhexacyanoferrat avatar Apr 24 '20 10:04 Kaliumhexacyanoferrat