Walter.BOM Namespace
Walter.Web.FireWall Namespace
ASP-WAF | .Net API for WAF Systems

CrossSiteAttribute Class

Prevents Cross-site request (or CSRF) disallow an attacker to induce actions that they do not intend to. Only HTTPS requests are supported!

Namespace:  Walter.Web.FireWall.Annotations
Assembly:  Walter.Web.FireWall (in Walter.Web.FireWall.dll)


public sealed class CrossSiteAttribute : BaseFireWallAttribute


The default is false, typically this attribute will be used on all API endpoints that are supposed to be accessed only by code in the application's JavaScript

Only HTTPS requests are supported, in some case it may capture without HTTPS requests but not it's not reliable and therefore not recommended


The below example limits the updating of a user profile to only JavaScript updates on scripts coming from this site.
   [Ignore(skip: FireWallGuardActions.ALL
   public IActionResult UpdateProfile([FromBody] UserViewModel model)

Inheritance Hierarchy