Security (1)


Passing AntiForgeryToken to every POST request

The best practice is for every POST request to carry an AntiForgeryToken to prevent XSS attacks. If you don’t know what it is, please read the materials at the bottom of the article. Since MVC 3.5 there is a special attribute, ValidateAntiForgeryTokenAttribute, which can be applied to controller actions. It works together with the HtmlHelper method Html.AntiForgeryToken(). The value […]