-
-
Notifications
You must be signed in to change notification settings - Fork 159
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What am I supposed to see if the install worked in VS2017 #5
Comments
Few Questions:
This thing seems really cool. I'm grateful for the work you've put in on it! I'm just trying to make it clear for others who install it how to a) get it functional b) what limitations it has for scanning certain controller types. |
@JarLob thanks for the well explained response. I didn't know about the Error List ... indicating it was still analyzing, so that will be helpful going forward. I'm personnally trying to research the most pragmatic way to add CSRF to this Angular 1.x app. They chose to use the apiController, not so outside sources could call the api, but solely for GET and POST operation from this single page app done in TypeScript. I'm going to experiment and try adding an |
I ended up combining https://stackoverflow.com/questions/32460196/angularjs-web-api-antiforgerytoken-csrf/32460197#32460197 and https://stackoverflow.com/questions/11725988/problems-implementing-validatingantiforgerytoken-attribute-for-web-api-with-mvc/16092115#16092115 to build a custom |
I downloaded and install your extension from https://marketplace.visualstudio.com/items?itemName=JaroslavLobacevski.SecurityCodeScan after hearing about it on https://marketplace.visualstudio.com/items?itemName=PhilippeArteau.RoslynSecurityGuard
What I've done so far:
AdditionalFileItemNames>$(AdditionalFileItemNames);Content</AdditionalFileItemNames>
to my .csprojpublic class ServicesController : ApiController
[HttpPost]s with [AntiForgeryToken]Did I miss something?
The text was updated successfully, but these errors were encountered: