A colleague has created a Razor form, but you notice that the form data is appended to the URL upon submission, potentially exposing sensitive data. What might be the cause and how would you remedy it?

  • The form is using a GET request method
  • The form is missing an anti-forgery token
  • The form is missing client-side validation
  • The form is using AJAX for submission
The cause of the issue is likely that the form is missing an anti-forgery token (CSRF token). Without this token, ASP.NET Core won't accept the POST request, and the form data is sent as part of the URL, which is not secure. To remedy this, you should include @Html.AntiForgeryToken() in your form and add the [ValidateAntiForgeryToken] attribute to the corresponding action method in the controller.