Open VictorioBerra opened 1 year ago
@VictorioBerra I would need to test this, don't know :)
FYI You could also use a HTTP custom header instead of anti-forgery tokens to protect against this threat as well. Validate this on the backend. (forces preflight requests)
Interested if you find a solution.
Greetings Damien
I want to add a typed client here https://github.com/damienbod/AspNetCoreExperiments/blob/main/BlazorBffAzureADWithApi/Client/Program.cs#L25
But I cant because my clients must be created with IAntiforgeryHttpClientFactory so that IJSRuntime can work.
Would it work to use DelegatingHandler instead and that way any typed clients inherit that ability?
IE: