How do I implement Anti-Forgery in Blazor ver 8 InteractiveServer? #54572
Unanswered
DavidThielen
asked this question in
Q&A
Replies: 1 comment
-
I'm getting this in my Blazor 8 server/client/shared project as well.
I tried upgrading to the latest .NET 8 SDK (8.0.203), same error. For reference, it was "working" last month on 8.0.103, but now failing on that version too.
If I add the following in the server's Program.cs (after It seems like my server starts to respond, but my client then gets:
I can't remove I'm using VSCode with C# Dev Kit extension, if that matters.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I am converting a Blazor ver 6/7 Server to ver 8 InteractiveServer.
In ver 6/7 I set up anti-forgery with the following in _Host.cshtml
I moved the content of _Host.cshtml to App.razor and in App.razor, it has no
HttpContext
property. This documentation discusses submitting a form, but nothing about setting it up for rendering a page. When I try to run and render a page (no form on it), I get:Clearly there are different steps I should be taking for anti-forgery in version 8. Where is this documented? And in my case - no endpoints. My app is going from rendermode ver 6/7 server to ver 8 InteractiveServer. (And a Google search for
useantiforgery
just leads to others asking about all this.)I have found a way to get my app running. However, I do not know if this is correct and I do not know if this stops forgery attacks. I'm using what another person found works and they did not seem sure if this is correct. But it works and no one else has answered, so I figure better than no answer.
I replaced:
with:
If this is all that's required - great move on the part of the Blazor team - a lot easier than what was required before.
Question 1: So, is the above the correct way to protect against anti-forgery attacks?
Question 2: I've tried to find the instructions on how to stop forgery attacks in versions 6/7 - and cannot find it. Aside from the following, is there anything else that was done the old way that I now need to find and delete?
thanks - dave
Beta Was this translation helpful? Give feedback.
All reactions