ASP-WAF Web application firewall for .Net 5, .Net Standard 2.1 and .Net Core 3.x

CrossSiteAttribute Class

Prevents cross-site request forgery (CSRF) by disallowing an attacker from inducing users to perform actions that they do not intend to. Only HTTPS requests are supported!

Namespace:  Walter.Web.FireWall.Annotations
Assembly:  Walter.Web.FireWall (in Walter.Web.FireWall.dll)

Syntax


[CLSCompliantAttribute]
[AttributeUsageAttribute]
public sealed class CrossSiteAttribute : BaseFireWallAttribute, 
	IActionFilter, IEquatable<CrossSiteAttribute>

Remarks


The default is false. Typically, this attribute is used on all API endpoints that are supposed to be accessed only by code in the application's JavaScript.

Only HTTPS requests are supported. In some cases it may capture requests made without HTTPS, but this is not reliable and therefore not recommended.

Examples


The example below limits updates of a user profile to requests made by JavaScript in scripts coming from this site.
C#
[HttpPost]
[CrossSite(useDefaultRedirect:false)]
// Skip every firewall guard action except the cross-site request check
[Ignore(skip: FireWallGuardActions.ALL
              & ~FireWallGuardActions.RejectCrossSiteRequests)]
public IActionResult UpdateProfile([FromBody] UserViewModel model)
{
    ...
}
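
To show what rejecting cross-site requests on a JavaScript-only endpoint involves, here is an added illustration that is not ASP-WAF code and not from this page: a plain ASP.NET Core action filter that accepts only same-origin HTTPS requests. The SameOriginOnlyAttribute name, the 403 response and the header logic are assumptions for the example; this page does not document how CrossSiteAttribute reaches its decision.

```csharp
using System;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Hypothetical stand-in, NOT Walter.Web.FireWall code: a same-origin check
// built only on ASP.NET Core types.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class SameOriginOnlyAttribute : Attribute, IActionFilter
{
    public void OnActionExecuting(ActionExecutingContext context)
    {
        var request = context.HttpContext.Request;

        // Browsers send Sec-Fetch-* headers only to trustworthy (HTTPS) URLs,
        // so over plain HTTP the strongest signal is missing. Fail closed.
        if (!request.IsHttps)
        {
            context.Result = new StatusCodeResult(403);
            return;
        }

        // Fetch Metadata: the browser states the request's relationship itself.
        string fetchSite = request.Headers["Sec-Fetch-Site"].ToString();
        if (fetchSite.Length > 0)
        {
            if (!string.Equals(fetchSite, "same-origin", StringComparison.OrdinalIgnoreCase))
                context.Result = new StatusCodeResult(403);
            return;
        }

        // Fallback for clients without Fetch Metadata: the Origin header must
        // match this request's scheme and host exactly. Assumes the app sees
        // the public scheme and host (no unconfigured reverse proxy in front).
        string origin = request.Headers["Origin"].ToString();
        string expected = $"{request.Scheme}://{request.Host.Value}";
        if (!string.Equals(origin, expected, StringComparison.OrdinalIgnoreCase))
            context.Result = new StatusCodeResult(403);
    }

    public void OnActionExecuted(ActionExecutedContext context) { }
}
```

A request that carries neither header is rejected by the fallback, so non-browser clients would need a separate, authenticated path.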

Inheritance Hierarchy


Walter.Web.FireWall.Annotations.BaseFireWallAttribute
      Walter.Web.FireWall.Annotations.CrossSiteAttribute

See Also


View the IPageRequest.ViolationsStack to access all violations on the page including those raised by this filter
IFireWall.OnGuardAction: Will be raised if the firewall considers blocking and allows you to override the blocking action
IFireWall.OnIncident: Will be raised if the firewall considers generating an incident and allows you to override the incident registration