You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Note that export configuration is taken from the post data instead of the application setting.
Issue
When I configure the griddview not to use pdf export (for example) the user should not be able to ignore that and just send his own POST request demanding a PDF export.
If you want to be stateless in the export, the original configuration should at least be signed so that it can be verified in the control.
Consider a scenario where you disable PDF exporting (maybe it's too heavy on your server). Any user can than still force PDF export by simplying forging a POST request manually.
Steps to reproduce the issue
Issue
When I configure the griddview not to use pdf export (for example) the user should not be able to ignore that and just send his own POST request demanding a PDF export.
If you want to be stateless in the export, the original configuration should at least be signed so that it can be verified in the control.
Consider a scenario where you disable PDF exporting (maybe it's too heavy on your server). Any user can than still force PDF export by simplying forging a POST request manually.
Isolating the problem
The text was updated successfully, but these errors were encountered: