Antheus Steenvoorden

Results 12 comments of Antheus Steenvoorden

> > any solution?
> > Instead of this package I used syncfusion_flutter_pdfviewer
> > And my problem solved.

This won't be a solution for everybody. Make sure to check...

I can't believe how hard it is to set up a container with 2019-latest and that it still causes this many issues..

The easiest way to test this would be to have a dto with a required property and to add the HtmlSanitizerAttribute to the method in the app service that uses...

When we implement the AbpAutoValidateAntiforgeryTokenAttribute, and an attacker POSTS to our form from an external site, there is no cookie and the validation will be skipped due to the following...

Could you explain to me how this protects against XSRF attacks? Because that would mean that there are two situations if an external site would contain a script that would...

We have read the documentation already, as referenced in my initial question, but it doesn't answer my question. Unless we use a token that is part of the form, our...

We don't need to manually delete the token for this attack to bypass validation, since it is a session cookie. It won't exist anymore if the browser was closed since...

I mean the antiforgerytoken.

@ismcagdas, no problem of course. Good communication is essential. :P

### Non-browser clients presumption

In the current implementation of the [AbpAutoValidateAntiforgeryTokenAuthorizationFilter](https://github.com/aspnetboilerplate/aspnetboilerplate/blob/a5aa294489c720c15a90b35462a0e8654b377963/src/Abp.AspNetCore/AspNetCore/Mvc/Antiforgery/AbpAutoValidateAntiforgeryTokenAuthorizationFilter.cs#L50), we skip validation if no CSRF token cookie is...