a500a93dfb
Adds the concept of an IAntiforgeryPolicy marker interface as well as the ability to overide policy with a 'closer' filter. Adds a new [IgnoreAntiforgeryToken] attribute for overriding a scoped antiforgery policy. Adds a new [AutoValidateAntiforgeryToken] attribute (good name tbd) for applying an application-wide antiforgery token. The idea is that you can configure this as a global filter if your site is acting as a pure browser-based or 1st party SPA. This new attribute only validates the token for unsafe HTTP methods, so you can apply it broadly. |
||
|---|---|---|
| .. | ||
| AutoValidateAntiforgeryTokenAuthorizationFilterTest.cs | ||
| HtmlAttributePropertyHelperTest.cs | ||
| TemplateRendererTest.cs | ||
| ValidateAntiforgeryTokenAuthorizationFilterTest.cs | ||