Dela via


AntiforgeryOptions Class

Definition

Provides programmatic configuration for the antiforgery token system.

public ref class AntiforgeryOptions
public class AntiforgeryOptions
type AntiforgeryOptions = class
Public Class AntiforgeryOptions
Inheritance
AntiforgeryOptions

Constructors

AntiforgeryOptions()

Fields

DefaultCookiePrefix

The default cookie prefix, which is ".AspNetCore.Antiforgery.".

Properties

Cookie

Determines the settings used to create the antiforgery cookies.

CookieDomain
Obsolete.

This property is obsolete and will be removed in a future version. The recommended alternative is on Cookie.

The domain set on the cookie. By default its null which results in the "domain" attribute not being set.

CookieName
Obsolete.

This property is obsolete and will be removed in a future version. The recommended alternative is on Cookie.

Specifies the name of the cookie that is used by the antiforgery system.

CookiePath
Obsolete.

This property is obsolete and will be removed in a future version. The recommended alternative is on Cookie.

The path set on the cookie. If set to null, the "path" attribute on the cookie is set to the current request's PathBase value. If the value of PathBase is null or empty, then the "path" attribute is set to the value of Path.

FormFieldName

Specifies the name of the antiforgery token field that is used by the antiforgery system.

HeaderName

Specifies the name of the header value that is used by the antiforgery system. If null then antiforgery validation will only consider form data.

RequireSsl
Obsolete.

This property is obsolete and will be removed in a future version. The recommended alternative is to set on Cookie.

true is equivalent to Always. false is equivalent to None.

Specifies whether SSL is required for the antiforgery system to operate. If this setting is 'true' and a non-SSL request comes into the system, all antiforgery APIs will fail.

SuppressReadingTokenFromFormBody

Specifies whether to suppress load of antiforgery token from request body.

SuppressXFrameOptionsHeader

Specifies whether to suppress the generation of X-Frame-Options header which is used to prevent ClickJacking. By default, the X-Frame-Options header is generated with the value SAMEORIGIN. If this setting is 'true', the X-Frame-Options header will not be generated for the response.

Applies to