Browse Source

Update the samples to use explicit [IgnoreAntiforgeryToken] attributes on relevant actions

pull/1505/head
Kévin Chalet 4 years ago
parent
commit
301e9a1c8c
  1. 4
      sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs

4
sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs

@ -315,7 +315,7 @@ public class AuthorizationController : Controller
#region Device flow
// Note: to support the device flow, you must provide your own verification endpoint action:
[Authorize, HttpGet("~/connect/verify")]
[Authorize, HttpGet("~/connect/verify"), IgnoreAntiforgeryToken]
public async Task<IActionResult> Verify()
{
var request = HttpContext.GetOpenIddictServerRequest() ??
@ -446,7 +446,7 @@ public class AuthorizationController : Controller
// Note: to support non-interactive flows like password,
// you must provide your own token endpoint action:
[HttpPost("~/connect/token"), Produces("application/json")]
[HttpPost("~/connect/token"), IgnoreAntiforgeryToken, Produces("application/json")]
public async Task<IActionResult> Exchange()
{
var request = HttpContext.GetOpenIddictServerRequest() ??

Loading…
Cancel
Save