From 301e9a1c8cc8aae0e12ea83b4f0df930cbf758fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Chalet?= Date: Fri, 5 Aug 2022 16:38:48 +0200 Subject: [PATCH] Update the samples to use explicit [IgnoreAntiforgeryToken] attributes on relevant actions --- .../Controllers/AuthorizationController.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs index c3e1ce8e..497b2a27 100644 --- a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs +++ b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs @@ -315,7 +315,7 @@ public class AuthorizationController : Controller #region Device flow // Note: to support the device flow, you must provide your own verification endpoint action: - [Authorize, HttpGet("~/connect/verify")] + [Authorize, HttpGet("~/connect/verify"), IgnoreAntiforgeryToken] public async Task Verify() { var request = HttpContext.GetOpenIddictServerRequest() ?? @@ -446,7 +446,7 @@ public class AuthorizationController : Controller // Note: to support non-interactive flows like password, // you must provide your own token endpoint action: - [HttpPost("~/connect/token"), Produces("application/json")] + [HttpPost("~/connect/token"), IgnoreAntiforgeryToken, Produces("application/json")] public async Task Exchange() { var request = HttpContext.GetOpenIddictServerRequest() ??