This repository was archived by the owner on Dec 14, 2018. It is now read-only.
This repository was archived by the owner on Dec 14, 2018. It is now read-only.
IgnoreAntiforgeryTokenAttribute possibly broken on 1.1.0 #5552
Description
I have the following test application with a global filter for anti-forgery token validation and then a validation bypass on a specific action method:
Startup
public class Startup { public void ConfigureServices(IServiceCollection services) { services.AddMvc(options => { options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()); }); } public void Configure(IApplicationBuilder app) { app.UseMvcWithDefaultRoute(); } } Controller
public class TestController : Controller { [HttpGet] public IActionResult Index() { return View(); } [HttpPost, IgnoreAntiforgeryToken] public IActionResult Index(string test) { return Content("OK"); } } Index view
<form asp-antiforgery="false"> <button>Submit</button> </form> Using the 1.0.1 MVC package I can access /Test, submit and get the successful response. However, if I use the 1.1.0 package I get a 400 Bad Request when submitting the form
Am i missing something or did this behavior actually change?