Category: ASP.NET Core

ASP.NET Core MVC Anti-Forgery System Opens Security Hole

ASP.NET Core MVC Anti-Forgery System Opens Security Hole

Recently I was adding Cache-Control headers to an ASP.NET Core MVC application to prevent other users from accessing restricted data after a user has logged out. However, it only seemed to fix the problem for some pages. On other pages, the the server was returning a Cache-Control header of no-cache instead of the required value …

+ Read More