Skip to content

Add CSRF protection for SignalR requests #1413

Closed
DamianEdwards opened this Issue Jan 25, 2013 · 1 comment

4 participants

@DamianEdwards
SignalR member

SignalR is theoretically vulnerable to CSRF for HTTP POSTS. Fix it.

@davidfowl davidfowl was assigned Jan 25, 2013
@davidfowl davidfowl added a commit that referenced this issue Jan 25, 2013
@davidfowl davidfowl Mitigate csrf for authenticated users.
- Use User.Identity.Name as part of connectionToken and verify
  that the token against the user name for all operations.
- Added tests.

#1413
f41abf4
@rustd rustd was assigned Jan 25, 2013
@Xiaohongt
SignalR member

verified

@Xiaohongt Xiaohongt closed this Jan 26, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.