jQuery Ajax calls and the Html.AntiForgeryToken()

鱼传尺愫 2020-11-22 16:34

I have implemented in my app the mitigation to CSRF attacks following the information that I have read on some blog posts around the internet. In particular these posts have

20 answers
  • 2020-11-22 17:37

    Don't use Html.AntiForgeryToken. Instead, use AntiForgery.GetTokens and AntiForgery.Validate from Web API as described in Preventing Cross-Site Request Forgery (CSRF) Attacks in ASP.NET MVC Application.

  • 2020-11-22 17:38

    Here is the easiest way I've seen. Note: Make sure you have "@Html.AntiForgeryToken()" in your View

        $("a.markAsDone").click(function (event) {
            event.preventDefault();
            // Hidden field rendered by @Html.AntiForgeryToken() in the view
            var sToken = document.getElementsByName("__RequestVerificationToken")[0].value;
            $.ajax({
                url: $(this).attr("rel"),
                type: "POST",
                contentType: "application/x-www-form-urlencoded",
                data: { '__RequestVerificationToken': sToken, 'id': parseInt($(this).attr("title"), 10) }
            })
            .done(function (data) {
                // Process MVC data here
            })
            .fail(function (jqXHR, textStatus, errorThrown) {
                // Process failure here
            });
        });
    
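The pattern from the second answer, generalised as an added example that is not part of either answer: one function decides whether the `__RequestVerificationToken` field should be attached, so it goes only to same-origin, state-changing requests and never into a query string or to another origin. `addToken` and `UNSAFE_METHODS` are hypothetical names, and the markup (`a.markAsDone`, `rel`, `title`) is assumed to match the answer's.

```javascript
// Added example: FIELD comes from the answer above; addToken and
// UNSAFE_METHODS are hypothetical names introduced here.
const FIELD = "__RequestVerificationToken";
const UNSAFE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Returns a copy of jQuery-style ajax settings with the token added to the
// form data, or the settings untouched when the token must not be sent.
function addToken(settings, token, pageUrl) {
  const method = String(settings.type || settings.method || "GET").toUpperCase();
  // GET-style requests carry data in the query string, which lands in
  // server logs and browser history, so they never get the token.
  if (!UNSAFE_METHODS.has(method)) return settings;
  // Resolve relative URLs against the page; other origins never get the token.
  const target = new URL(settings.url, pageUrl);
  if (target.origin !== new URL(pageUrl).origin) return settings;
  if (!token) throw new Error("anti-forgery token not found in the page");
  let data;
  if (typeof settings.data === "string") {
    // Already serialized form data: append the field, URL-encoded.
    const pair = FIELD + "=" + encodeURIComponent(token);
    data = settings.data ? settings.data + "&" + pair : pair;
  } else {
    data = Object.assign({}, settings.data, { [FIELD]: token });
  }
  return Object.assign({}, settings, { data });
}

// Browser wiring, skipped when no page with jQuery is present.
if (typeof window !== "undefined" && window.jQuery) {
  const $ = window.jQuery;
  $("a.markAsDone").on("click", function (event) {
    event.preventDefault();
    const field = document.getElementsByName(FIELD)[0];
    $.ajax(addToken({
      url: $(this).attr("rel"),
      type: "POST",
      data: { id: parseInt($(this).attr("title"), 10) }
    }, field ? field.value : "", window.location.href));
  });
}
```

Throwing when the token is missing surfaces a view that lacks `@Html.AntiForgeryToken()` at the call site instead of as a rejected request on the server.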