create separate API methods for tokens (short-lived) and personal access tokens (long-lived), include global antiforgery filter to mitigate XSRF when using cookie auth (ignored when using Jwt)

2022-04-14 19:41:43 -04:00
parent c616878a64
commit f6b3874668
9 changed files with 120 additions and 6 deletions
--- a/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
+++ b/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
@ -72,6 +72,7 @@ namespace Microsoft.Extensions.DependencyInjection
            services.AddSingleton<IDatabaseManager, DatabaseManager>();
            services.AddSingleton<IConfigManager, ConfigManager>();
            services.AddSingleton<ILoggerProvider, FileLoggerProvider>();
+            services.AddSingleton<AutoValidateAntiforgeryTokenFilter>();
            return services;
        }