[release/8.0-preview7] Add support for anti-forgery middleware #49530
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
github-actions
bot
requested review from
a team,
Tratcher,
BrennanConroy,
javiercn,
halter73 and
captainsafia
as code owners
captainsafia
added
area-middleware
|
Hi @github-actions[bot]. Please make sure you've updated the PR description to use the Shiproom Template. Also, make sure this PR is not marked as a draft and is ready-to-merge. To learn more about how to prepare a servicing PR click here. |
adityamandaleeka
approved these changes
Jul 20, 2023
adityamandaleeka
added
Servicing-approved
|
Hi @github-actions[bot]. This PR was just approved to be included in the upcoming servicing release. Somebody from the @dotnet/aspnet-build team will get it merged when the branches are open. Until then, please make sure all the CI checks pass and the PR is reviewed. |
ghost
added
the
area-infrastructure
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport of #49233 to release/8.0-preview7
/cc @captainsafia
This pull request adds a middleware for validating anti-forgery request tokens to ASP.NET. This change helps us unify the anti-forgery token validation experience in ASP.NET and reduces the burden on users to implement their own token validation layer.
Closes #49237 and #38338
Customer Impact
We shipped support for complex-binding for minimal APIs earlier in preview6. Shipping support for an anti-forgery token validation middleware will make it easier for customers to implement secure form-binding code without have to roll out their own token validation manually. This PR also introduces new API that we would like to get feedback on earlier.
Regression?
Risk
The changes in this PR have been designed in a fashion as so to not impact existing anti-forgery token validation in MVC. We've also established an API for opting out of the on-by-default anti-forgery token validation in the event that users run into an issue.
Verification
Packaging changes reviewed?