yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implementing anti forgery token which will not allows members to be created by sending a request directly to the registration controller when the request is not coming from a page in the application

Browse Source
This commit is contained in:
elitsa
2018-12-10 08:55:54 +01:00
parent 9f9286ae45
commit 3c74ce2427
5 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Umbraco.Web/Controllers/UmbLoginStatusController.cs
View File

@@ -12,6 +12,7 @@ namespace Umbraco.Web.Controllers
public class UmbLoginStatusController : SurfaceController
{
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult HandleLogout([Bind(Prefix = "logoutModel")]PostRedirectModel model)
{
if (ModelState.IsValid == false)