Base solution for your next web application
Open Closed

how to prevent XSS attack via Application Layer / WebAPI #2978


User avatar
0
jimcai created

If I use application layer to submit data, seems that the prevent xss attack for classic Controller does not work any more. Could you please tell me how to enable this feature when submit data when use DTO objects? Thanks


1 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Normally it should work when you make requests from web application. You can read more about it here <a class="postlink" href="https://www.aspnetboilerplate.com/Pages/Documents/XSRF-CSRF-Protection">https://www.aspnetboilerplate.com/Pages ... Protection</a>.

    If you are making requests to WebAPI fron a non-web app, XSS will not work as expected.

    Thanks.