Implementing anti-forgery validation for a Blazor UI application

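Our application is built using Blazor Server and .razor pages that communicate with an Azure API. I would like to know whether we should implement anti-forgery (CSRF/XSRF) protection for the Blazor UI and, if so, could I get some information on how to implement it?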

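I have seen a post on implementing anti-forgery for ASP.NET Core MVC applications, https://exceptionnotfound.net/using-anti-forgery-tokens-in-asp-net-core-razor-pages/, and there are also blogs mentioning that Razor Pages implement anti-forgery validation by default.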

But for Blazor, I would like to know what pattern to follow.

From the Microsoft documentation:

Blazor Server apps can be accessed cross-origin unless additional measures are taken to prevent it. To disable cross-origin access, either disable CORS in the endpoint by adding the CORS middleware to the pipeline and adding the DisableCorsAttribute to the Blazor endpoint metadata or limit the set of allowed origins by configuring SignalR for cross-origin resource sharing.

If CORS is enabled, extra steps might be required to protect the app depending on the CORS configuration. If CORS is globally enabled, CORS can be disabled for the Blazor Server hub by adding the DisableCorsAttribute metadata to the endpoint metadata after calling MapBlazorHub on the endpoint route builder.
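The two options the quoted documentation describes, shown as an added example (not code from the question, the answer, or Microsoft's page). It assumes a Blazor Server app on the ASP.NET Core 6+ minimal hosting model; the origins and the policy name `BlazorHubOrigins` are hypothetical placeholders.

```csharp
// Program.cs - added example; origins and policy name are placeholders.
using Microsoft.AspNetCore.Cors;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor();

builder.Services.AddCors(options =>
{
    // Assumed situation: CORS is enabled globally because other
    // endpoints in the same app must be callable from another origin.
    options.AddDefaultPolicy(policy =>
        policy.WithOrigins("https://partner.example")   // placeholder
              .AllowAnyHeader()
              .AllowAnyMethod());

    // Used only by Option B: an explicit allow-list for the Blazor hub.
    options.AddPolicy("BlazorHubOrigins", policy =>
        policy.WithOrigins("https://app.example")       // placeholder
              .AllowAnyHeader()
              .WithMethods("GET", "POST")
              .AllowCredentials());
});

var app = builder.Build();

app.UseStaticFiles();
app.UseRouting();

// The CORS middleware has to be in the pipeline for the endpoint
// metadata below to be honored.
app.UseCors();

// Option A: the global policy stays in effect for other endpoints,
// but the Blazor Server hub opts out of CORS entirely, so browsers
// on other origins get no Access-Control-Allow-* headers from it.
app.MapBlazorHub().WithMetadata(new DisableCorsAttribute());

// Option B (use instead of Option A): keep CORS on the hub but
// restrict it to the named allow-list policy.
// app.MapBlazorHub().RequireCors("BlazorHubOrigins");

app.MapFallbackToPage("/_Host");
app.Run();
```

To check the result, send a request to the hub's negotiate endpoint with a foreign `Origin` header and confirm that the response carries no `Access-Control-Allow-Origin` header.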