Skip to main content

Namespace ServiceStack.Html.AntiXsrf

Classes

AntiForgery

Provides access to the anti-forgery system, which provides protection against Cross-site Request Forgery (XSRF, also called CSRF) attacks.

AntiForgeryConfig

Provides programmatic configuration for the anti-forgery token system.

HttpAntiForgeryException

Interfaces

IAntiForgeryAdditionalDataProvider

Allows providing or validating additional custom data for anti-forgery tokens. For example, the developer could use this to supply a nonce when the token is generated, then he could validate the nonce when the token is validated.

The anti-forgery system already embeds the client's username within the generated tokens. This interface provides and consumes <em>supplemental</em> data. If an incoming anti-forgery token contains supplemental data but no additional data provider is configured, the supplemental data will not be validated.