Add CSRF protection for SignalR requests #1413

DamianEdwards opened this Issue Jan 25, 2013 · 1 comment

4 participants

SignalR member

SignalR is theoretically vulnerable to CSRF for HTTP POSTs. Fix it.

@davidfowl was assigned Jan 25, 2013
@davidfowl added a commit that referenced this issue Jan 25, 2013
Mitigate csrf for authenticated users.
- Use User.Identity.Name as part of connectionToken and verify
  the token against the user name for all operations.
- Added tests.

@rustd was assigned Jan 25, 2013

@Xiaohongt closed this Jan 26, 2013
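
The binding described in the commit message above, sketched as an added example (not SignalR's own code and not part of the original thread): a connection token that carries the connection id and the user name under an HMAC, and is re-checked against the request's authenticated user on every operation. The class name, token layout, key handling and case-insensitive name comparison are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; names and token format are assumptions.
static class ConnectionTokenSketch
{
    // Constructed demo key; a real server would use a protected application secret.
    static readonly byte[] Key = RandomNumberGenerator.GetBytes(32);

    // Token = base64(connectionId ":" userName) "." base64(HMAC-SHA256 of that payload).
    // Assumes the connection id is a GUID, so it never contains ':'.
    public static string Issue(string connectionId, string userName)
    {
        byte[] data = Encoding.UTF8.GetBytes(connectionId + ":" + (userName ?? ""));
        using var hmac = new HMACSHA256(Key);
        return Convert.ToBase64String(data) + "." + Convert.ToBase64String(hmac.ComputeHash(data));
    }

    // Succeeds only if the MAC is valid AND the user inside the token is the
    // user authenticated on the current request (empty string for anonymous).
    public static bool TryVerify(string token, string currentUser, out string connectionId)
    {
        connectionId = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] data, mac;
        try { data = Convert.FromBase64String(parts[0]); mac = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }

        using var hmac = new HMACSHA256(Key);
        // Constant-time comparison so the MAC check does not leak timing information.
        if (!CryptographicOperations.FixedTimeEquals(mac, hmac.ComputeHash(data))) return false;

        string payload = Encoding.UTF8.GetString(data);
        int sep = payload.IndexOf(':');
        if (sep < 0) return false;
        string tokenUser = payload.Substring(sep + 1);
        if (!string.Equals(tokenUser, currentUser ?? "", StringComparison.OrdinalIgnoreCase)) return false;
        connectionId = payload.Substring(0, sep);
        return true;
    }

    static void Main()
    {
        string token = Issue(Guid.NewGuid().ToString(), "alice");  // constructed sample values
        Console.WriteLine(TryVerify(token, "alice", out _));       // token presented by its owner
        Console.WriteLine(TryVerify(token, "mallory", out _));     // same token, different authenticated user
        Console.WriteLine(TryVerify(token, null, out _));          // same token, anonymous request
    }
}
```

The check matters on every operation, not only at connect time: a POST that arrives with one user's cookies but a token issued under a different identity fails verification before any hub or connection logic runs.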