How to enable CSRF protection on ServiceStack

ServiceStack has AntiXsrf code, but it's not clear how to use or enable it. Looking at the network requests in Chrome DevTools, it is not enabled by default.

+3



1 answer


On the Razor page, you can embed the token into your form with:

<form action="/antiforgery/test" method="POST">
    @Html.AntiForgeryToken()
    <input name="Field" value="Test"/>        
    <input type="submit"/>
</form>

Which you can check in your service with:

[Route("/antiforgery/test")]
public class AntiForgeryTest
{
    public string Field { get; set; }
}

public class AntiForgeryService : Service
{
    public object Any(AntiForgeryTest request)
    {
        // Throws if the anti-forgery token is missing or invalid
        AntiForgery.Validate();
        ...
    }
}

      

+1
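
To run the answer's AntiForgery.Validate() call on every state-changing request of a service instead of repeating it in each method, the call can be moved into a request filter attribute. This is an added example, not code from the answer or from ServiceStack; the attribute name ValidateAntiForgeryAttribute is hypothetical, and the ServiceStack.Html.AntiXsrf namespace for AntiForgery is an assumption.

```csharp
using System;
using System.Collections.Generic;
using ServiceStack;
using ServiceStack.Web;
using ServiceStack.Html.AntiXsrf; // assumed namespace of the AntiForgery class

// Hypothetical attribute (not part of ServiceStack): validates the token
// for every request whose HTTP method can change state.
public class ValidateAntiForgeryAttribute : RequestFilterAttribute
{
    // Methods that must stay side-effect free and therefore carry no token
    private static readonly HashSet<string> SafeVerbs =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "GET", "HEAD", "OPTIONS" };

    public override void Execute(IRequest req, IResponse res, object requestDto)
    {
        if (SafeVerbs.Contains(req.Verb))
            return;

        // Same call as in the answer. A failed check throws here,
        // so the service method below never runs.
        AntiForgery.Validate();
    }
}

[Route("/antiforgery/test")]
public class AntiForgeryTest
{
    public string Field { get; set; }
}

[ValidateAntiForgery]
public class AntiForgeryService : Service
{
    // Post(), not Any(): because the filter skips GET, an Any() handler
    // would let a GET request reach the same code without a token check.
    public object Post(AntiForgeryTest request)
    {
        return request.Field;
    }
}
```

The form still needs @Html.AntiForgeryToken() as shown in the answer, otherwise every POST to the service is rejected.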

