Prevent Cross-Site Request Forgery (XSRF/CSRF) attacks in ASP.NET Core 2.x and jQuery
Microsoft has greatly simplified the ASP.NET Core 2.x implementation of protection against cross-site request forgery, that is, someone forging a POST or PUT from another site. By definition there is no protection for GET and TRACE requests in this scenario. With a few simple steps you can add this level of security to your web application.

1 - In the HTML form of your application add:

    @Html.AntiForgeryToken()

2 - On the controller class add the attribute:

    [AutoValidateAntiforgeryToken]

so that every method of the class is protected.

3 - Optionally, you can work method by method instead, adding the attribute to each action:

    [ValidateAntiForgeryToken]

Also worth knowing is the attribute that exempts an action from the check:

    [IgnoreAntiforgeryToken]

4 - In the jQuery Ajax call, send the token from the hidden field generated in step 1 as a request header:

    beforeSend: function (xhr) {
        xhr.setRequestHeader("XSRF-TOKEN",
            $('input:hidden[name="__RequestVerificationToken"]').val());
    },
    ...
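As an added example, not code from the original post: the server-side half that the steps above rely on, for ASP.NET Core 2.x MVC. The antiforgery filter only looks for a header under the name configured in AddAntiforgery (the default is RequestVerificationToken), so it must match the name the jQuery call sends; ProfileController and its actions are hypothetical.

```csharp
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // The filter accepts the request token from the __RequestVerificationToken
        // form field OR from a header. The header name defaults to
        // "RequestVerificationToken"; set it to the name used in the jQuery
        // beforeSend above, otherwise Ajax POSTs fail validation with HTTP 400.
        services.AddAntiforgery(options => options.HeaderName = "XSRF-TOKEN");

        services.AddMvc();
    }

    // Configure(...) with app.UseMvc() is unchanged and omitted here.
}

// Every unsafe method (POST, PUT, PATCH, DELETE) on this controller is validated;
// the attribute skips GET, HEAD, OPTIONS and TRACE by itself.
[AutoValidateAntiforgeryToken]
public class ProfileController : Controller   // hypothetical controller
{
    [HttpGet]
    public IActionResult Edit() => View();    // view contains @Html.AntiForgeryToken()

    // Validated automatically: the cookie token and the header/form token must be
    // a matching pair issued for the current user, or the request is rejected
    // before this method runs.
    [HttpPost]
    public IActionResult Edit(string displayName)
    {
        // ... persist the change ...
        return Ok();
    }

    // Exempt from validation. Reserve this for endpoints that do not rely on the
    // browser's ambient cookie credentials (e.g. bearer-token authenticated calls),
    // since those are the requests a cross-site forgery can ride on.
    [HttpPost]
    [IgnoreAntiforgeryToken]
    public IActionResult Ping() => Ok();
}
```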