Minimal APIs: IFormFile parameters require anti-forgery checks
Minimal API endpoints that consume an IFormFile or IFormFileCollection are now opted into requiring anti-forgery token validation using the new anti-forgery middleware.
Version introduced
ASP.NET Core 8.0 RC 1
Previous behavior
Minimal API endpoints that bound a parameter from the form via IFormFile or IFormFileCollection did not require anti-forgery validation.
New behavior
Minimal API endpoints that bind a parameter from the form via IFormFile or IFormFileCollection require anti-forgery validation. An exception is thrown at startup if the anti-forgery middleware isn't registered for an API that defines these input types.
Type of breaking change
This change is a behavioral change.
Reason for change
Anti-forgery token validation is a recommended security precaution for APIs that consume data from a form.
Recommended action
You can opt out of anti-forgery validation for specific endpoints by using the DisableAntiforgery<TBuilder>(TBuilder) method.
var app = WebApplication.Create();
app.MapPost("/", (IFormFile formFile) => ...)
.DisableAntiforgery();
app.Run();
Affected APIs
N/A
Обратна връзка
https://aka.ms/ContentUserFeedback.
Очаквайте скоро: През цялата 2024 г. постепенно ще отстраняваме проблемите в GitHub като механизъм за обратна връзка за съдържание и ще го заменим с нова система за обратна връзка. За повече информация вижте:Подаване и преглед на обратна връзка за