From bf4052b550a3aa507306992249a9e84c07cf5d1a Mon Sep 17 00:00:00 2001
From: sbwalker
Date: Wed, 8 May 2024 14:42:39 -0400
Subject: [PATCH] require AntiForgery on Static Rendered components
---
 .../Extensions/ComponentEndpointRouteBuilderExtensions.cs | 2 ++
 Oqtane.Server/Startup.cs | 1 +
 2 files changed, 3 insertions(+)
diff --git a/Oqtane.Server/Extensions/ComponentEndpointRouteBuilderExtensions.cs b/Oqtane.Server/Extensions/ComponentEndpointRouteBuilderExtensions.cs
index b464e81d..77731577 100644
--- a/Oqtane.Server/Extensions/ComponentEndpointRouteBuilderExtensions.cs
+++ b/Oqtane.Server/Extensions/ComponentEndpointRouteBuilderExtensions.cs
@@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Routing;
 using System;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.AspNetCore.Antiforgery;
 namespace OqtaneSSR.Extensions
 {
@@ -23,6 +24,7 @@ namespace OqtaneSSR.Extensions
 {
 routeEndpointBuilder.Metadata.Add(new RootComponentMetadata(typeof(App)));
 routeEndpointBuilder.Metadata.Add(new ComponentTypeMetadata(typeof(App)));
+ routeEndpointBuilder.Metadata.Add(new RequireAntiforgeryTokenAttribute());
 });
 }
 }
diff --git a/Oqtane.Server/Startup.cs b/Oqtane.Server/Startup.cs
index 0a83d275..d4bf0161 100644
--- a/Oqtane.Server/Startup.cs
+++ b/Oqtane.Server/Startup.cs
@@ -216,6 +216,7 @@ namespace Oqtane
 app.UseCors();
 app.UseAuthentication();
 app.UseAuthorization();
+ app.UseAntiforgery();
 if (_useSwagger)
 {
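Review bot: Rejection of a request with a missing or invalid token is not visible in this hunk: the added `routeEndpointBuilder.Metadata.Add(new RequireAntiforgeryTokenAttribute());` only marks the endpoint as requiring validation. As far as I know, the antiforgery middleware records a failed check in `IAntiforgeryValidationFeature` and still invokes the endpoint, so enforcement depends on the request delegate, which is defined outside the hunk. Please confirm that the delegate (or the Razor component invoker it presumably calls) returns an error response when that feature reports an invalid token. A comment above the line such as `// validated by app.UseAntiforgery() in Startup; the handler must reject requests whose token check failed` would record the dependency, and a test that posts a form without a token would pin the behaviour.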
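Review bot: The ordering constraint on `app.UseAntiforgery();` is undocumented and only partly verifiable from this hunk. The call is correctly placed after `UseAuthentication()` and `UseAuthorization()`, but it also has to sit after routing and before the endpoints are mapped, and those calls are outside the hunk. I would add `// keep after UseAuthentication/UseAuthorization and before endpoint mapping; validates tokens for endpoints that carry antiforgery metadata` above it so a later reshuffle of the pipeline does not silently disable the check. The hunk also does not show the antiforgery services being registered; if nothing in ConfigureServices already does this (the Razor components registration presumably does), `services.AddAntiforgery();` is needed there.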