-
### Confirm you've already contributed to this project or that you sponsor it
- [X] I confirm I'm a sponsor or a contributor
### Version
5.4.0
### Question
# Background
We are currently workin…
-
## Suggestion/Concern
The httpOnly option for cookies is currently set to false, allowing them to be accessed via JavaScript. This poses a security risk as it makes the cookies vulnerable to cross-…
-
I just need to update the userinfo header when the user login succeeds, but when I execute HttpContext.SignInAsync, DispatchGlobal will give a 400 error. In other cases DispatchGlobal is normal.
var claims = new L…
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### Is your feature request related to a problem? Please describe the problem.
I'd like to revisit this issue: htt…
-
I have bought Livecharts.Geared using a Microsoft account, but I can't log in.
#### How to reproduce?
https://v0.lvcharts.com/Account/Login
click Microsoft account
#### Extra notes
Server E…
-
A middleware for CSRF (Cross Site Request Forgery) would be really useful but brings some challenges:
* How to manage the session?
* How to make it easy to work with ajax?
References:
* https://gi…
-
# Description of Issue
The default configuration for Rails’ `ActionController::Base` does not automatically include the anti-CSRF mechanism, `protect_from_forgery`. This leaves affected many Rails ap…
-
### Is your feature request related to a problem? Please describe.
My web api application allows two SPAs working with it. Where each SPA is using different authentication scheme (cookie, and bas…
-
`routes.html` contains this link:
```html
Please refer here for more details on managing CSRF middleware.
```
https://github.com/kit-clj/kit-clj.github.io/blob/550f617a446dc51daff95da5d9b94e8f…