.Net Core Use logout link instead of button preventig cross domain GET request

Multi tool use
Multi tool use


.Net Core Use logout link instead of button preventig cross domain GET request



I know that using button instead of anchor link in _LoginPartial.cshtml is to prevent cross domain GET requests, but I really need using anchor link to have a uniform nav-bar links. My question is: If I use anchor tag and use javascript code to call form submit method, will it be safe and prevent cross domain GET request? I mean replacing this code:


<button type="submit">Logout</button>



with this one:


<a href="javascript:document.getElementById('logoutForm').submit()"></a>





The point of the button is actually to submit the logout request via POST, since GET requests are idempotent and should not have any side effects. CSRF is just gravy on top. If you need a link, you can either style the button as a link (which is really the optimal path, as stylistic appearance is the domain of CSS, not HTML or JavaScript.) or you can use JavaScript to submit the form on clicking your link. In either case, you should retain the request method as POST, not GET.
– Chris Pratt
Jul 2 at 13:27




2 Answers
2



The point about using a form there is that the form automatically includes a CSRF token. That token is what protects you against cross-site requests since it is only generated as part of the actual form, so not accessible from outside.



As long as that token is included and valid, you should be safe against CSRF. So yeah, submitting the form via JavaScript will be fine here.



Consider using a proper click event for your link though instead of javascript: links:


click


javascript:


<a id="logout-link" href="#">Logout</a>


document.getElementById('logout-link').addEventListener('click', function (evt) {
evt.preventDefault();
document.getElementById('logoutForm').submit();
});



It isn't necessary to change from a button to a link to achieve uniform nav-bar links. If you are using bootstrap you can make a button look like a link easily as shown, if not using bootstrap it is still possible to style a button to look like a link.


<button type="submit" class="btn btn-link">Logout</button>





That does not really answer the question.
– poke
Jul 1 at 19:12





I agree your answer more specifically answers the question asked, but he said he wants uniform navbar links, my answer shows how to do that without using a link instead of a button for logout. Sometimes people ask questions that have false assumptions, in this case a false assumption that only by using a link can he get uniform nav.
– Joe Audette
Jul 1 at 19:24





@JoeAudette Thanks for your taking time. I know bootstrap and can say i'm professional in bootstrap coding, but in this project a predefined theme is used and it's really complicated. I tried to make changes to achieve my goal but i wasn't successful. By the way answering my question about cross-domain GET attack will increase my knowledge to use in other projects
– Amin
Jul 2 at 5:46





Whoever downvoted this needs to go back to school. This answer is not only correct (and does in fact answer the question), but it's also the most optimal path. Saying that you were not able to style it properly is not a good excuse to go down a different and incorrect path. Learn how to use the CSS framework you're using (Bootstrap), do your research, etc. A button can be styled to look however you want it to look.
– Chris Pratt
Jul 2 at 13:30






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

kLtI7Znd MYa,gHu Tyc,acZr4TqcVz0,Fm sP O MfRvIB tvltzxu8NTu1e,0,QsZRVbBfn9koxMEXIK
-
upaoR YK,ugsV,b420dmFG0b,kZA GGSy6

Popular posts from this blog

Rothschild family

Image
"House of Rothschild" redirects here. For the film, see The House of Rothschild. For other uses, see Rothschild (disambiguation). Rothschild Jewish noble banking family Coat of arms granted to the Barons Rothschild in 1822 by Emperor Francis I of Austria Ethnicity Jewish Current region Western Europe (mainly United Kingdom, France, and Germany) [1] Etymology Rothschild (German): "red shield" Place of origin Frankfurter Judengasse, Frankfurt, Holy Roman Empire Founded 1760s (1577  ( 1577 ) ) Founder Mayer Amschel Rothschild (1744–1812) (Elchanan Rothschild, b. 1577) Titles List Freiherr von Rothschild (1822) Baronet, of Tring Park (1847) Baron Rothschild (1885) Traditions Judaism, Goût Rothschild Motto Concordia, Integritas, Industria (English: Harmony, Integrity, Industry ) Estate(s) List British properties Château de Ferrières Palais Rothschild Cadet branches List Austrian branch English branch French branch Neapolitan branch A Rothschild house,...
Read more

Cinema of Italy

Image
Cinema of Italy Some of the notable actors and filmmakers [a] No. of screens 3,217 (2011) [1]  • Per capita 5.9 per 100,000 (2011) [1] Main distributors Medusa Film (16.7%) Warner Bros. (13.8%) 20th Century Fox (13.7%) [2] Produced feature films (2013) [3] Total 167 Number of admissions (2013) [3] Total 97,380,572  • Per capita 1.50 (2012) [4] National films 30,208,422 (31.0%) Gross box office (2013) [3] Total €618 million National films €188 million (30.5%) The Cinema of Italy comprises the films made within Italy or by Italian directors. Since the development of the Italian film industry in the early 1900s, Italian filmmakers and performers have, at times, experienced both domestic and international success, and have influenced film movements throughout the world. As of 2014, Italian films have won 14 Academy Awards for Best Foreign Language Film, the most of any country, as well as 12 Palmes d'Or, the second-most ...
Read more