Adds the concept of an IAntiforgeryPolicy marker interface as well as
the ability to overide policy with a 'closer' filter.
Adds a new [IgnoreAntiforgeryToken] attribute for overriding a scoped
antiforgery policy.
Adds a new [AutoValidateAntiforgeryToken] attribute (good name tbd) for
applying an application-wide antiforgery token. The idea is that you can
configure this as a global filter if your site is acting as a pure
browser-based or 1st party SPA. This new attribute only validates the
token for unsafe HTTP methods, so you can apply it broadly.
Ajay Bhargav Baaskaran
Ryan Nowak
Pranav K