AntiForgery should support tokens coming in by AJAX from the headers. I'd like to modify the classes and contribute. How do I go about this or will Microsoft do it?
Comments: An example could be found here: http://www.codethinked.com/aspnet-mvc-ajax-csrf-protection-with-jquery-15 This is just for ajax requests. I'm thinking about merging them into one so the attribute supports both form fields and ajax request headers.
Comments: An example could be found here: http://www.codethinked.com/aspnet-mvc-ajax-csrf-protection-with-jquery-15 This is just for ajax requests. I'm thinking about merging them into one so the attribute supports both form fields and ajax request headers.