global Namespace
Microsoft.Extensions.DependencyInjection Namespace
System Namespace
System.Text Namespace
Walter Namespace
Walter.BOM Namespace
Walter.BOM.Data Namespace
Walter.BOM.ErrorCodes Namespace
Walter.BOM.Geo Namespace
Walter.BOM.Violations Namespace
Walter.Casts Namespace
Walter.DataTools Namespace
Walter.DataTools.MsSql Namespace
Walter.DataTools.MsSql.Events Namespace
Walter.IO Namespace
Walter.IO.Builder Namespace
Walter.IO.CommandLine Namespace
Walter.IO.EventArguments Namespace
Walter.Net.HoneyPot Namespace
Walter.Net.HoneyPot.EventArguments Namespace
Walter.Net.HoneyPot.Repositories Namespace
Walter.Net.LookWhosTalking Namespace
Walter.Net.LookWhosTalking.Bulder Namespace
Walter.Net.LookWhosTalking.Model Namespace
Walter.Net.LookWhosTalking.Repository Namespace
Walter.Net.LookWhosTalking.Repository.Disk Namespace
Walter.Net.Networking Namespace
Walter.Net.Networking.Builder Namespace
Walter.Net.Networking.DNS Namespace
Walter.Net.Networking.EventArg Namespace
Walter.Net.Networking.IANA Namespace
Walter.Net.Networking.ISP Namespace
Walter.Net.Networking.Properties Namespace
Walter.Net.Networking.TCP Namespace
Walter.Net.Networking.TopLevelDomainQuery Namespace
Walter.Net.Networking.Tracert Namespace
Walter.Vat Namespace
Walter.Web Namespace
Walter.Web.FireWall Namespace
Walter.Web.FireWall.Administration Namespace
Walter.Web.FireWall.Annotations Namespace
Walter.Web.FireWall.Browser Namespace
Walter.Web.FireWall.Configurations Namespace
Walter.Web.FireWall.DefaultEndpoints Namespace
Walter.Web.FireWall.Destinations Namespace
Walter.Web.FireWall.Destinations.Email Namespace
Walter.Web.FireWall.DiskLogger Namespace
Walter.Web.FireWall.EventArguments Namespace
Walter.Web.FireWall.Filters Namespace
Walter.Web.FireWall.GDPR Namespace
Walter.Web.FireWall.GDPR.P3P Namespace
Walter.Web.FireWall.Geo Namespace
Walter.Web.FireWall.Geo.MaxMind Namespace
Walter.Web.FireWall.Headers Namespace
Walter.Web.FireWall.ILoggerReporting Namespace
Walter.Web.FireWall.Infrastructure Namespace
Walter.Web.FireWall.Infrastructure.Authentication Namespace
Walter.Web.FireWall.Infrastructure.Factory Namespace
Walter.Web.FireWall.Infrastructure.Repositories Namespace
Walter.Web.FireWall.Middleware Namespace
Walter.Web.FireWall.Models Namespace
Walter.Web.FireWall.Properties Namespace
Walter.Web.FireWall.Reporting Namespace
Walter.Web.FireWall.RequestTracking Namespace
Walter.Web.FireWall.RuleEngine Namespace
Walter.Web.FireWall.RuleEngine.Rules Namespace
Walter.Web.FireWall.SearchEngines Namespace
Walter.Web.FireWall.Specialized Namespace
Walter.Web.FireWall.TagHelpers Namespace
Walter.Web.FireWall.UserAgent.UsersStack Namespace
Walter.Web.FireWall.ViewModels Namespace
Walter.Web.FireWall.WindowsEventLog Namespace
ASP-WAF | .Net API for WAF Systems

CrossSiteAttribute Class

Prevents Cross-site request (or CSRF) disallow an attacker to induce actions that they do not intend to. Only HTTPS requests are supported!

Namespace:  Walter.Web.FireWall.Annotations
Assembly:  Walter.Web.FireWall (in Walter.Web.FireWall.dll)

Syntax

public sealed class CrossSiteAttribute : BaseFireWallAttribute

Remarks

The default is false, typically this attribute will be used on all API endpoints that are supposed to be accessed only by code in the application's JavaScript

Only HTTPS requests are supported, in some case it may capture without HTTPS requests but not it's not reliable and therefore not recommended

Examples

The below example limits the updating of a user profile to only JavaScript updates on scripts coming from this site.
C#
[HttpPost]
   [CrossSite(useDefaultRedirect:false)]
   [Ignore(skip: FireWallGuardActions.ALL
   &~FireWallGuardActions.RejectCrossSiteRequests)]
   public IActionResult UpdateProfile([FromBody] UserViewModel model)
   {
   ...
   }

Inheritance Hierarchy

Walter.Web.FireWall.Annotations..::..BaseFireWallAttribute
  Walter.Web.FireWall.Annotations..::..CrossSiteAttribute

See Also

CrossSiteAttribute Members
Walter.Web.FireWall.Annotations Namespace
View the IPageRequest.ViolationsStack to access all violations on the page including those raised by this filter
View the IPageRequest.ViolationsStack to access all violations on the page including those raised by this filter
IFireWall.OnGuardAction: Will be raised if the firewall considers blocking and allows you to override the blocking action
IFireWall.OnIncident: Will be raised if the firewall considers generating an incident and allows you to override the incident registration