0
jimcai created
If I use application layer to submit data, seems that the prevent xss attack for classic Controller does not work any more. Could you please tell me how to enable this feature when submit data when use DTO objects? Thanks
1 Answer(s)
-
0
Hi,
Normally it should work when you make requests from web application. You can read more about it here <a class="postlink" href="https://www.aspnetboilerplate.com/Pages/Documents/XSRF-CSRF-Protection">https://www.aspnetboilerplate.com/Pages ... Protection</a>.
If you are making requests to WebAPI fron a non-web app, XSS will not work as expected.
Thanks.