Jan 28, 2015, 7:06 PM
[CLOSED] Cross-site Request Forgery with DirectMethods
Is there any built-in security prevention for cross-site request forgery when using shared / static DirectMethods? We have an anti-forgery token on every page that we validate against on postbacks. Now with shared / static DirectMethods, it bypass submitting form data so we can't validate that token. I would like a central way to validate against CSRF without modifying all existing DirectMethods to also send the token as a parameter to the method. Maybe somehow always inject the anti-forgery token to the header of the ajax request?
Last edited by Daniil; Feb 06, 2015 at 1:01 PM. Reason: [CLOSED]