Do we have anything in framework to treat this type of issue, and prevent a possible CSRF attack ?
Thanks.
Printable View
Do we have anything in framework to treat this type of issue, and prevent a possible CSRF attack ?
Thanks.
This is not really in the scope of Ext.NET.
Encoding your strings does help prevent issues.
I was thinking about some "csrf-token" mechanism, are you aware of any in extjs?
By default, in Ext.NET 7.0 for ASP.NET Core, aRequestVerificationToken
is passed in all Direct requests and CSRF is now supported out of the box.
Application security has been a priority focus of the new Ext.NET 7.0 release as we continue to focus on reducing security vulnerabilities and promote strong security practices for all apps.