Add Antiforgery to Middleware order and Built-in middleware sections #32565
Comments
dotnet-bot
added
⌚ Not Triaged
aspnet-core/svc
fundamentals/subsvc
Source - Docs.ms
|
Hello @mmarinchenko ... What are you asking for? The content is already present in the sections. |
|
@guardrex The Antiforgery middleware depends on the order in which it is added to the request processing pipeline (as well as Cors, OutputCaching, RequestTimeouts and several others). This is covered in the migration article in Blazor context, but not in the main middleware documentation. See Page URL in the description: ASP.NET Core Middleware. The reference links are provided for reference only 🙂 |
|
I see ... but the issue has to be opened from the bottom of that article to get the correct metadata and author ping. Re-open the issue from there, and then the author of that article will address it. |
|
@guardrex It was opened right from there (see attached screenshots). The Page URL and Content source URL fields contain correct links to the published document and the source code on GitHub. What exactly is wrong? |
|
@guardrex If you are confused by the Blazor tag, then it was added by @Rick-Anderson, not by me. |
|
My bad ...... so much for looking at issues on the phone while OOF! 🙈😆 |
You guys really need to rest sometimes 😅 |
|
I like to try and respond quickly, but it all went horribly wrong this time. I think I thought that this was about the Middleware doc but opened from the Migration article ... even the "M" in both words (links) might have thrown me off 😈. Looking at these on a phone screen isn't a good experience anyway. The Middleware in Minimal APIs article makes a mention near the end on where to find more information on the Antiforgery Middleware and cross-links to ... https://learn.microsoft.com/aspnet/core/security/anti-request-forgery?view=aspnetcore-8.0#afwma ... and that's where there's information about placement (ordering). Rick will determine if/where remarks should go when he sees this. |
Description
The Antiforgery middleware should be added to request processing pipeline after Routing, Authentication, and Authorization but before Endpoint.
Reference: Migrate from ASP.NET Core in .NET 7 to .NET 8 ->
Page URL
https://learn.microsoft.com/en-us/aspnet/core/fundamentals/middleware/?view=aspnetcore-9.0#middleware-order
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/fundamentals/middleware/index.md
Document ID
3926c686-0ccc-f9fe-ca52-0134612a1623
Article author
@Rick-Anderson
The text was updated successfully, but these errors were encountered: