Walter.BOM Namespace
Walter.Web.FireWall Namespace
ASP-WAF Web application firewall for .Net 6, .Net 5, .Net Standard 2.1 and .Net Core 3.x

CrossSiteAttribute Class

Prevents Cross-site request (or CSRF) disallow an attacker to induce actions that they do not intend to. Only HTTPS requests are supported!

Namespace:  Walter.Web.FireWall.Annotations
Assembly:  Walter.Web.FireWall (in Walter.Web.FireWall.dll)

Syntax


public sealed class CrossSiteAttribute : BaseFireWallAttribute

Remarks


The default is false, typically this attribute will be used on all API endpoints that are supposed to be accessed only by code in the application's JavaScript

Only HTTPS requests are supported, in some case it may capture without HTTPS requests but not it's not reliable and therefore not recommended

Examples


The below example limits the updating of a user profile to only JavaScript updates on scripts coming from this site.
C#
[HttpPost]
   [CrossSite(useDefaultRedirect:false)]
   [Ignore(skip: FireWallGuardActions.ALL
   &~FireWallGuardActions.RejectCrossSiteRequests)]
   public IActionResult UpdateProfile([FromBody] UserViewModel model)
   {
   ...
   }

Inheritance Hierarchy


Walter.Web.FireWall.Annotations..::..BaseFireWallAttribute
  Walter.Web.FireWall.Annotations..::..CrossSiteAttribute