none of the methods described there for disabling the automatic generation are available
I can mark my SurfaceController methods with IgnoreAntiforgeryToken, but the token is still generated in the form
Umbraco Forms has a config setting for it (although I'm not yet convinced that's working because I still see the token)
I need to ensure there are no tokens, as my attempts to set Cache-Control headers are being overridden with a log warning;
The 'Cache-Control' and 'Pragma' headers have been overridden and set to 'no-cache, no-store' and 'no-cache' respectively to prevent caching of this response. Any response that uses antiforgery should not be cached
Disabling AntiForgeryToken/__RequestVerificationToken in BeginUmbracoForm
To run a site behind a CDN, I need to disable the built-in anti-CSRF token stuff so that
Html.BeginUmbracoForm()
doesn't output the token.How can I do that with v9?
IHtmlHelper.BeginForm
generates antiforgery tokens by default (source: https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-3.1#aspnet-core-antiforgery-configuration)IgnoreAntiforgeryToken
, but the token is still generated in the formI need to ensure there are no tokens, as my attempts to set Cache-Control headers are being overridden with a log warning;
The 'Cache-Control' and 'Pragma' headers have been overridden and set to 'no-cache, no-store' and 'no-cache' respectively to prevent caching of this response. Any response that uses antiforgery should not be cached
Phil
I've eventually solved this by injecting my own
IAntiforgery
class that basically does nothing - very quick-and-dirty, but seems to do the job;is working on a reply...