daohualiuxiang
/
AspNetCore.Docs
mirror of https://github.com/dotnet/AspNetCore.Docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updates

pull/33706/head
guardrex 2024-09-25 11:30:47 -04:00
parent 98a9f9caff
commit 2b4a1af88f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
aspnetcore/security/anti-request-forgery.md
View File

@ -127,7 +127,7 @@ Automatic generation of antiforgery tokens for HTML form elements can be disable
> [!NOTE]
> [Razor Pages](xref:razor-pages/index) are automatically protected from XSRF/CSRF. For more information, see [XSRF/CSRF and Razor Pages](xref:razor-pages/index#xsrfcsrf-and-razor-pages-1).
The most common approach to ing against CSRF attacks is to use the *Synchronizer Token Pattern* (STP). STP is used when the user requests a page with form data:
The most common approach to protecting against CSRF attacks is to use the *Synchronizer Token Pattern* (STP). STP is used when the user requests a page with form data:
1. The server sends a token associated with the current user's identity to the client.
1. The client sends back the token to the server for verification.