I have been researching about JWT and antiforgery token and I found this article from Microsoft where it indicates that in JWT the antiforgery validation is not necessary. Is this correct or did I understand wrong? I am developing an application with webapi and angular 6 with JWT

JWT and antiforgery token

1 Answers

Antiforgery token protects from CSRF attacks, which are based on cookies.

As long as your JWT is manually attached to the selected requests (unlike cookies that are attached to every request in the browser) the CSRF is not possible anymore.

So, the answer is: it is correct for the tokens that are not sent in cookies.

answered Sep 22 '22 10:09

smnbbrv

Recent Activity
Apple Pay - authorize.net returns error 153 only when live, sandbox works
How to continue cursor loop even error occured in the loop
python find all neighbours of a given node in a list of lists
Fatal error: Call to a member function setColumn() on a non-object in Magento
Count how many of each value from a field with MySQL and PHP
Python 32-bit development on 64-bit Windows [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With

JWT and antiforgery token

Tags:

angular

asp.net-core

jwt

elchente23

1 Answers

smnbbrv

Recent Activity

Donate For Us

JWT and antiforgery token

Tags:

angular

asp.net-core

jwt

elchente23

1 Answers

smnbbrv

Related questions

Recent Activity

Donate For Us