A colleague has created a Razor form, but you notice that the form data is appended to the URL upon submission, potentially exposing sensitive data. What might be the cause and how would you remedy it?
- The form is using a GET request method
- The form is missing an anti-forgery token
- The form is missing client-side validation
- The form is using AJAX for submission
The cause of the issue is likely that the form is missing an anti-forgery token (CSRF token). Without this token, ASP.NET Core won't accept the POST request, and the form data is sent as part of the URL, which is not secure. To remedy this, you should include @Html.AntiForgeryToken() in your form and add the [ValidateAntiForgeryToken] attribute to the corresponding action method in the controller.