Register global antiforgery token validation

IliyanAng · IliyanAng · commit 25e068ca5a1e · 2020-03-28T14:50:12.000+02:00
Change will not affect behavior of template, as per Microsoft documentation : "In ASP.NET Core 2.0 or later, the FormTagHelper injects antiforgery tokens into HTML form elements. The following markup in a Razor file automatically generates antiforgery tokens: <form method="post"> ... </form>" (REF: https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-3.1)
diff --git a/ASP.NET Core/Web/AspNetCoreTemplate.Web/Startup.cs b/ASP.NET Core/Web/AspNetCoreTemplate.Web/Startup.cs
@@ -16,6 +16,7 @@
     using Microsoft.AspNetCore.Builder;
     using Microsoft.AspNetCore.Hosting;
     using Microsoft.AspNetCore.Http;
+    using Microsoft.AspNetCore.Mvc;
     using Microsoft.EntityFrameworkCore;
     using Microsoft.Extensions.Configuration;
     using Microsoft.Extensions.DependencyInjection;
@@ -46,7 +47,11 @@ public void ConfigureServices(IServiceCollection services)
                         options.MinimumSameSitePolicy = SameSiteMode.None;
                     });
 
-            services.AddControllersWithViews();
+            services.AddControllersWithViews(options =>
+            {
+                options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
+            });
+
             services.AddRazorPages();
 
             services.AddSingleton(this.configuration);
