Antiforgery

IEvangelist · Jul 9, 2024 · 337dc89 · 337dc89
1 parent eb69698
commit 337dc89
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 6 deletions.
diff --git a/src/ProfanityFilter.WebApi/Endpoints/ProfanityFilterEndpointExtensions.cs b/src/ProfanityFilter.WebApi/Endpoints/ProfanityFilterEndpointExtensions.cs
@@ -21,7 +21,8 @@ internal static WebApplication MapProfanityFilterEndpoints(this WebApplication a
  .WithOpenApi()
  .WithSummary("""
  The profanity filter hub endpoint, used for live bi-directional updates.
- """);
+ """)
+ .DisableAntiforgery();
 
  profanity.MapPost("filter", OnApplyFilterAsync)
  .WithOpenApi()
@@ -31,7 +32,8 @@ internal static WebApplication MapProfanityFilterEndpoints(this WebApplication a
  .WithSummary("""
  Use this endpoint to attempt applying a profanity-filter. The response is returned as Markdown.
  """)
- .WithHttpLogging(HttpLoggingFields.All);
+ .WithHttpLogging(HttpLoggingFields.All)
+ .DisableAntiforgery();
 
  profanity.MapGet("strategies", OnGetStrategies)
  .WithOpenApi()
@@ -41,7 +43,8 @@ Use this endpoint to attempt applying a profanity-filter. The response is return
  .WithSummary("""
  Returns an array of the possible replacement strategies available. See https://github.com/IEvangelist/profanity-filter?tab=readme-ov-file#-replacement-strategies
  """)
- .WithHttpLogging(HttpLoggingFields.All);
+ .WithHttpLogging(HttpLoggingFields.All)
+ .DisableAntiforgery();
 
  profanity.MapGet("targets", OnGetTargets)
  .WithOpenApi()
@@ -51,7 +54,8 @@ Use this endpoint to attempt applying a profanity-filter. The response is return
  .WithSummary("""
  Returns an array of the possible filter targets available.
  """)
- .WithHttpLogging(HttpLoggingFields.All);
+ .WithHttpLogging(HttpLoggingFields.All)
+ .DisableAntiforgery();
 
  var data = profanity.MapGroup("data");
 
@@ -63,7 +67,8 @@ Returns an array of the possible filter targets available.
  .WithSummary("""
  Returns an array of the data names.
  """)
- .WithHttpLogging(HttpLoggingFields.All);
+ .WithHttpLogging(HttpLoggingFields.All)
+ .DisableAntiforgery();
 
  data.MapGet("{name}", OnGetDataByNameAsync)
  .WithOpenApi()
@@ -73,7 +78,8 @@ Returns an array of the data names.
  .WithSummary("""
  Returns an array of the profane words for a given data name.
  """)
- .WithHttpLogging(HttpLoggingFields.All);
+ .WithHttpLogging(HttpLoggingFields.All)
+ .DisableAntiforgery();
 
  return app;
  }

diff --git a/src/ProfanityFilter.WebApi/Program.cs b/src/ProfanityFilter.WebApi/Program.cs
@@ -12,6 +12,8 @@
  static options => options.EnableDetailedErrors = true)
  .AddMessagePackProtocol();
 
+builder.Services.AddAntiforgery();
+
 builder.Services.AddProfanityFilterServices();
 
 builder.Services.AddRazorComponents()
@@ -25,6 +27,8 @@
 
 var app = builder.Build();
 
+app.UseAntiforgery(); 
+
 app.UseSwagger();
 app.UseSwaggerUI();
 app.UseHttpsRedirection();