daohualiuxiang
/
AspNetCore.Docs
mirror of https://github.com/dotnet/AspNetCore.Docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update global application example of AutoValidateAntiForgeryTokenAttribute (#17045) 

* Update AutoValidateAntiForgeryToken example

* Update anti-request-forgery.md

Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
pull/17058/head^2
Martin Mladenov 2020-02-19 19:54:02 +02:00 committed by GitHub
parent 90118dc449
commit 31a7548c20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
aspnetcore/security/anti-request-forgery.md
View File

@ -328,11 +328,22 @@ public class ManageController : Controller
Global example:
::: moniker range="< aspnetcore-3.0"
services.AddMvc(options =>
options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));
::: moniker-end
::: moniker range=">= aspnetcore-3.0"
```csharp
services.AddMvc(options =>
services.AddControllersWithViews(options =>
options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));
```
::: moniker-end
### Override global or controller antiforgery attributes
The [IgnoreAntiforgeryToken](/dotnet/api/microsoft.aspnetcore.mvc.ignoreantiforgerytokenattribute) filter is used to eliminate the need for an antiforgery token for a given action (or controller). When applied, this filter overrides `ValidateAntiForgeryToken` and `AutoValidateAntiforgeryToken` filters specified at a higher level (globally or on a controller).