BEXIS2
diff --git a/‎Components/App/BExIS.App.Bootstrap/Attributes/ValidateAntiForgeryTokenOnPost.cs‎
Lines changed: 31 additions & 0 deletions b/‎Components/App/BExIS.App.Bootstrap/Attributes/ValidateAntiForgeryTokenOnPost.cs‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎Components/App/BExIS.App.Bootstrap/BExIS.App.Bootstrap.csproj‎
Lines changed: 1 addition & 0 deletions b/‎Components/App/BExIS.App.Bootstrap/BExIS.App.Bootstrap.csproj‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎Console/BExIS.Web.Shell.Svelte/package-lock.json‎
Lines changed: 4 additions & 4 deletions b/‎Console/BExIS.Web.Shell.Svelte/package-lock.json‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎Console/BExIS.Web.Shell.Svelte/package.json‎
Lines changed: 1 addition & 1 deletion b/‎Console/BExIS.Web.Shell.Svelte/package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Console/BExIS.Web.Shell/Areas/DCM/BExIS.Modules.Dcm.UI.Svelte/package-lock.json‎
Lines changed: 9 additions & 9 deletions b/‎Console/BExIS.Web.Shell/Areas/DCM/BExIS.Modules.Dcm.UI.Svelte/package-lock.json‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎Console/BExIS.Web.Shell/Areas/DCM/BExIS.Modules.Dcm.UI.Svelte/package.json‎
Lines changed: 1 addition & 1 deletion b/‎Console/BExIS.Web.Shell/Areas/DCM/BExIS.Modules.Dcm.UI.Svelte/package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Console/BExIS.Web.Shell/Areas/DDM/BExIS.Modules.Ddm.UI.Svelte/package-lock.json‎
Lines changed: 4 additions & 4 deletions b/‎Console/BExIS.Web.Shell/Areas/DDM/BExIS.Modules.Ddm.UI.Svelte/package-lock.json‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎Console/BExIS.Web.Shell/Areas/DDM/BExIS.Modules.Ddm.UI.Svelte/package.json‎
Lines changed: 1 addition & 1 deletion b/‎Console/BExIS.Web.Shell/Areas/DDM/BExIS.Modules.Ddm.UI.Svelte/package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Console/BExIS.Web.Shell/Areas/DDM/BExIS.Modules.Ddm.UI/Controllers/PublicSearchController.cs‎
Lines changed: 14 additions & 13 deletions b/‎Console/BExIS.Web.Shell/Areas/DDM/BExIS.Modules.Ddm.UI/Controllers/PublicSearchController.cs‎
Lines changed: 14 additions & 13 deletions
diff --git a/‎Console/BExIS.Web.Shell/Areas/DDM/BExIS.Modules.Ddm.UI/Controllers/SearchController.cs‎
Lines changed: 13 additions & 1 deletion b/‎Console/BExIS.Web.Shell/Areas/DDM/BExIS.Modules.Ddm.UI/Controllers/SearchController.cs‎
Lines changed: 13 additions & 1 deletion
@@ -0,0 +1,31 @@
+using BExIS.Security.Entities.Requests;
+using System.Web.Helpers;
+using System.Web.Mvc;
+
+namespace BExIS.App.Bootstrap.Attributes
+{
+    public class ValidateAntiForgeryTokenOnPost: ActionFilterAttribute
+    {
+        public void OnAuthorization(AuthorizationContext filterContext)
+        {
+            var request = filterContext.HttpContext.Request;
+
+            if (filterContext.HttpContext.Request.HttpMethod == "POST")
+            {
+                var cookieToken = request.Cookies[AntiForgeryConfig.CookieName]?.Value;
+
+                // check for token in form data
+                var formToken = request.Form["__RequestVerificationToken"];
+
+                // check header for post from javascript
+                if (formToken==null)
+                {
+                    formToken = request.Headers["__RequestVerificationToken"];
+                }
+
+                AntiForgery.Validate(cookieToken, formToken);
+                //AntiForgery.Validate();
+            }
+        }
+    }
+}
@@ -112,6 +112,7 @@
     <Compile Include="Attributes\MinCapacityAttribute.cs" />
     <Compile Include="Attributes\NoNullOrEmptyItemsAttribute.cs" />
     <Compile Include="Attributes\ThrottlingFilterAttribute.cs" />
+    <Compile Include="Attributes\ValidateAntiForgeryTokenOnPost.cs" />
     <Compile Include="Extensions\AuthorizationContextExtensions.cs" />
     <Compile Include="Helpers\BExISAuthorizeHelper.cs" />
     <Compile Include="Helpers\JwtHelper.cs" />
 
@@ -52,7 +52,7 @@
 	},
 	"type": "module",
 	"dependencies": {
-		"@bexis2/bexis2-core-ui": "0.4.47",
+		"@bexis2/bexis2-core-ui": "0.4.49",
 		"@sveltejs/adapter-static": "3.0.2",
 		"buffer": "6.0.3",
 		"gray-matter": "4.0.3",
 
@@ -50,7 +50,7 @@
 	},
 	"type": "module",
 	"dependencies": {
-		"@bexis2/bexis2-core-ui": "0.4.47",
+		"@bexis2/bexis2-core-ui": "0.4.49",
 		"@bexis2/bexis2-rpm-ui": "0.2.11",
 		"@floating-ui/dom": "1.6.8",
 		"@fortawesome/free-solid-svg-icons": "6.6.0",
 
@@ -50,7 +50,7 @@
 	},
 	"type": "module",
 	"dependencies": {
-		"@bexis2/bexis2-core-ui": "0.4.47",
+		"@bexis2/bexis2-core-ui": "0.4.49",
 		"@floating-ui/dom": "1.6.8",
 		"@fortawesome/free-solid-svg-icons": "6.6.0",
 		"@sveltejs/adapter-static": "3.0.2",
 
@@ -1,4 +1,5 @@
-using BExIS.Ddm.Api;
+using BExIS.App.Bootstrap.Attributes;
+using BExIS.Ddm.Api;
 using BExIS.UI.Helpers;
 using BExIS.Utils.Models;
 using Newtonsoft.Json;
@@ -55,7 +56,7 @@ public JsonResult Query()
         /// <param name="searchType"></param>
         /// <param name="model"></param>
         /// <returns></returns>
-        [HttpPost]
+        [HttpPost, ValidateAntiForgeryTokenOnPost]
         public JsonResult Query(string autoComplete, string FilterList, string searchType)
         {
             ViewBag.Title = PresentationModel.GetViewTitleForTenant("Search in Public Datasets", this.Session.GetTenant());
@@ -100,7 +101,7 @@ public JsonResult Query(string autoComplete, string FilterList, string searchTyp
         /// <param name="searchType"></param>
         /// <param name="model"></param>
         /// <returns></returns>
-        [HttpPost]
+       [HttpPost, ValidateAntiForgeryTokenOnPost]
         public JsonResult FilterByDropDownList(string SelectedFilter, string searchType)
         {
             ViewBag.Title = PresentationModel.GetViewTitleForTenant("Search", this.Session.GetTenant());
@@ -115,7 +116,7 @@ public JsonResult FilterByDropDownList(string SelectedFilter, string searchType)
         /// </summary>
         /// <param name="model"></param>
         /// <returns></returns>
-        [HttpPost]
+       [HttpPost, ValidateAntiForgeryTokenOnPost]
         public JsonResult _AutoCompleteAjaxLoading(string text)
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
@@ -131,7 +132,7 @@ public JsonResult _AutoCompleteAjaxLoading(string text)
         /// <param name="value">consist the searchType</param>
         /// <param name="model"></param>
         /// <returns></returns>
-        [HttpPost]
+       [HttpPost, ValidateAntiForgeryTokenOnPost]
         public void ChangeSearchValuesACBySearchType(string value)
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
@@ -151,7 +152,7 @@ public void ChangeSearchValuesACBySearchType(string value)
         /// <param name="IsChecked">show the status of the checkbox (true = selected/false=deselected)</param>
         /// <param name="model"></param>
         /// <returns></returns>
-        [HttpPost]
+       [HttpPost, ValidateAntiForgeryTokenOnPost]
         public JsonResult ToggleFacet(string SelectedItem, string Parent)
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
@@ -222,7 +223,7 @@ public JsonResult OnSelectTreeViewItem(string SelectedItem, string Parent)
         /// </summary>
         /// <param name="model"></param>
         /// <returns></returns>
-        [HttpPost]
+       [HttpPost, ValidateAntiForgeryTokenOnPost]
         public JsonResult AddFacetsToSearch()
         {
             ViewBag.Title = PresentationModel.GetViewTitleForTenant("Search", this.Session.GetTenant());
@@ -327,7 +328,7 @@ public JsonResult RemoveSearchCriteria(string value, string parent)
         #endregion BreadcrumbView
 
         #region Datagrid
-        [HttpPost]
+       [HttpPost, ValidateAntiForgeryTokenOnPost]
         public JsonResult GetTableData()
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
@@ -348,14 +349,14 @@ public JsonResult SetResultViewVar(string key, string value)
         #region Properties _searchProperties
 
         //+++++++++++++++++++++ Properties Sliders Action +++++++++++++++++++++++++++
-        [HttpPost]
+       [HttpPost, ValidateAntiForgeryTokenOnPost]
         public JsonResult FilterByRangeSlider(int start, int end, string parent)
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
             return Json(provider.WorkingSearchModel);
         }
 
-        [HttpPost]
+       [HttpPost, ValidateAntiForgeryTokenOnPost]
         public JsonResult FilterBySlider(int value, string parent)
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
@@ -368,7 +369,7 @@ public JsonResult FilterBySlider(int value, string parent)
         }
 
         //+++++++++++++++++++++Properties DropDown Action +++++++++++++++++++++++++++
-        [HttpPost]
+       [HttpPost, ValidateAntiForgeryTokenOnPost]
         public JsonResult FilterByDropDown(string value, string node)
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
@@ -381,7 +382,7 @@ public JsonResult FilterByDropDown(string value, string node)
         }
 
         //+++++++++++++++++++++Properties RadioButton Action +++++++++++++++++++++++++++
-        [HttpPost]
+       [HttpPost, ValidateAntiForgeryTokenOnPost]
         public JsonResult FilterByRadioButton(string value, string node, bool isChecked)
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
@@ -393,7 +394,7 @@ public JsonResult FilterByRadioButton(string value, string node, bool isChecked)
 
         //+++++++++++++++++++++Properties ´CheckButton Action +++++++++++++++++++++++++++
 
-        [HttpPost]
+       [HttpPost, ValidateAntiForgeryTokenOnPost]
         public JsonResult FilterByCheckBox(string value, string node, bool isChecked)
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
 
@@ -1,4 +1,6 @@
-using BExIS.Ddm.Api;
+using BExIS.App.Bootstrap.Attributes;
+using BExIS.Ddm.Api;
+using BExIS.Security.Entities.Requests;
 using BExIS.UI.Helpers;
 using BExIS.Utils.Models;
 using BExIS.Xml.Helpers;
@@ -7,6 +9,7 @@
 using System.Collections.Generic;
 using System.Data;
 using System.Linq;
+using System.Web.Helpers;
 using System.Web.Mvc;
 using Telerik.Web.Mvc;
 using Vaiona.IoC;
@@ -62,6 +65,7 @@ public JsonResult Query()
         /// <param name="model"></param>
         /// <returns></returns>
         [HttpPost]
+        [ValidateAntiForgeryTokenOnPost]
         public JsonResult Query(string autoComplete, string FilterList, string searchType)
         {
             ViewBag.Title = PresentationModel.GetViewTitleForTenant("Search", this.Session.GetTenant());
@@ -176,6 +180,7 @@ public void ChangeSearchValuesACBySearchType(string value)
         /// <param name="model"></param>
         /// <returns></returns>
         [HttpPost]
+        [ValidateAntiForgeryTokenOnPost]
         public JsonResult ToggleFacet(string SelectedItem, string Parent)
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
@@ -257,6 +262,7 @@ public JsonResult OnSelectTreeViewItem(string SelectedItem, string Parent)
         /// <param name="model"></param>
         /// <returns></returns>
         [HttpPost]
+        [ValidateAntiForgeryTokenOnPost]
         public JsonResult AddFacetsToSearch()
         {
             ViewBag.Title = PresentationModel.GetViewTitleForTenant("Search", this.Session.GetTenant());
@@ -368,6 +374,7 @@ public JsonResult RemoveSearchCriteria(string value, string parent)
 
         #region Datagrid
         [HttpPost]
+        [ValidateAntiForgeryTokenOnPost]
         public JsonResult GetTableData()
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
@@ -389,6 +396,7 @@ public JsonResult SetResultViewVar(string key, string value)
 
         //+++++++++++++++++++++ Properties Sliders Action +++++++++++++++++++++++++++
         [HttpPost]
+        [ValidateAntiForgeryTokenOnPost]
         public JsonResult FilterByRangeSlider(int start, int end, string parent)
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
@@ -398,6 +406,7 @@ public JsonResult FilterByRangeSlider(int start, int end, string parent)
         }
 
         [HttpPost]
+        [ValidateAntiForgeryTokenOnPost]
         public JsonResult FilterBySlider(int value, string parent)
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
@@ -411,6 +420,7 @@ public JsonResult FilterBySlider(int value, string parent)
 
         //+++++++++++++++++++++Properties DropDown Action +++++++++++++++++++++++++++
         [HttpPost]
+        [ValidateAntiForgeryTokenOnPost]
         public JsonResult FilterByDropDown(string value, string node)
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
@@ -424,6 +434,7 @@ public JsonResult FilterByDropDown(string value, string node)
 
         //+++++++++++++++++++++Properties RadioButton Action +++++++++++++++++++++++++++
         [HttpPost]
+        [ValidateAntiForgeryTokenOnPost]
         public JsonResult FilterByRadioButton(string value, string node, bool isChecked)
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();
@@ -436,6 +447,7 @@ public JsonResult FilterByRadioButton(string value, string node, bool isChecked)
         //+++++++++++++++++++++Properties ´CheckButton Action +++++++++++++++++++++++++++
 
         [HttpPost]
+        [ValidateAntiForgeryTokenOnPost]
         public JsonResult FilterByCheckBox(string value, string node, bool isChecked)
         {
             ISearchProvider provider = IoCFactory.Container.ResolveForSession<ISearchProvider>();