Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revamping form-binding in minimal APIs and MVC #49543

Closed
7 of 10 tasks
captainsafia opened this issue Jul 20, 2023 · 2 comments
Closed
7 of 10 tasks

Revamping form-binding in minimal APIs and MVC #49543

captainsafia opened this issue Jul 20, 2023 · 2 comments
Assignees
@captainsafia
Labels
area-minimal Includes minimal APIs, endpoint filters, parameter binding, request delegate generator etc area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates feature-rdf
Milestone
8.0-rc1

Comments

@captainsafia
Copy link
Member

captainsafia commented Jul 20, 2023
edited

This is a meta issue to track follow-up items in the work to add complex form binding support with anti-forgery token validation enabled for MVC and minimal APIs.

  • API review for RequestTokenValidationAttribute
  • Add support for modify FormOptions via metadata
  • Add support for modifying FormDataMapperOptions via metadata
  • Add support for DisableRequestSizeLimits
  • Perf analyzer for anti-forgery middleware checks in endpoint routing
  • Anti-forgery threat model
  • Add tests for expanded form-binding scenarios
    • Recursive values
    • Enum values
    • Attributes for modifying binding (Ignore, DataMember)
@captainsafia captainsafia added area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates area-minimal Includes minimal APIs, endpoint filters, parameter binding, request delegate generator etc feature-rdf labels Jul 20, 2023
@captainsafia captainsafia added this to the 8.0-rc1 milestone Jul 20, 2023
@Tratcher
Copy link
Member

  • Add support for modify FormOptions via metadata

See MVC's RequestFormLimitsAttribute. These limits need to be applied when AntiForgery reads the form.

@captainsafia captainsafia self-assigned this Aug 1, 2023
This was referenced Aug 8, 2023
Merged
Merged
@captainsafia
Copy link
Member Author

Closing this for now as I think the test cover in this test file provide good coverage here.

@dotnet dotnet locked as resolved and limited conversation to collaborators Sep 25, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@captainsafia captainsafia

Labels
area-minimal Includes minimal APIs, endpoint filters, parameter binding, request delegate generator etc area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates feature-rdf
Projects
None yet
Milestone
8.0-rc1
Development

No branches or pull requests
2 participants
@Tratcher @captainsafia