Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Enabled option for request validation, in favor of AllowLocal (please provide feedback) #124

Open
Swimburger opened this issue Mar 3, 2023 · 1 comment
Open

Add Enabled option for request validation, in favor of AllowLocal (please provide feedback) #124

Swimburger opened this issue Mar 3, 2023 · 1 comment

Comments

@Swimburger
Copy link
Contributor

Swimburger commented Mar 3, 2023
edited
Loading

Recently, the default value for AllowLocal has been changed from true to false.
This was because AllowLocal makes the request validation vulnerable to Server-Side Request Forgery.

Maybe it makes more sense to build in a kill-switch to turn on/off request validation as a whole, instead of AllowLocal.
This option would respect .NET configuration's reloadOnChange feature, so it can be changed without having to restart the application.

I'm just thinking out loud here and would like feedback, thank you!
@dkrasnove
Copy link

dkrasnove commented Oct 16, 2024
edited
Loading

I second this. I have to use a workaround because I'm running locally in docker.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Swimburger @dkrasnove