DEV Community

Discussion on: Csrf Protection With Aspnet Core And Blazor Week 29

kingleo10 profile image
Niroj Dahal • Edited on

Instead of writing [ValidateAntiForgeryToken] as action attribute in all POST methods , you can configure Startup to auto validate for all POST methods. This is what I did in ConfigureServices method:

        services.AddMvc(options =>
            options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());

rembou1 profile image
remi bourgarel Author

Thanks, but this would add a check for every request while I don't think this kind of check is necessary everywhere in an app, but it's safer to add it everywhere.