How to enable CSRF protection on ServiceStack
ServiceStack has AntiXsrf code, but it's not clear how to use or enable it. Considering network requests with chrome devtools, it is not enabled by default.
+3
steve-o
source
to share
1 answer
On the Razor page, you can embed the token into your form with:
<form action="/antiforgery/test" method="POST">
@Html.AntiForgeryToken()
<input name="Field" value="Test"/>
<input type="submit"/>
</form>
What can you check in your service with:
[Route("/antiforgery/test")]
public class AntiForgeryTest
{
public string Field { get; set; }
}
public class AntiForgeryService : Service
{
public object Any(AntiForgeryTest request)
{
AntiForgery.Validate();
...
}
}
+1
mythz
source
to share