While security testing our application with the OWASP ZAP tool, a medium risk level alert 'Absence of Anti-csrf Token' is popping up for the form tag in Kendo.all.min.js.
I even tried updating the Kendo version to 2022 (latest) in Kendo.all.min.js.
Are there any ways to resolve it?
1 Answer, 1 is accepted
Aleksandar
Telerik team
answered on 29 Mar 2022, 06:55 AM
Hello Pranali,
Security at the application level, meaning the communication between client and server, is determined by the way different parts of the application are organized and used together. Using @Html.AntiForgeryToken() in an ASP.NET Core application is a proper approach to apply an additional level of security to that part of the app. Refer to this knowledgebase article that demonstrates how to send Antiforgery token with Grid Requests in ASP.NET Core and ASP.NET MVC applications:
The DataSource component uses jQuery.ajax to make an HTTP request to the remote service. The values configured via the transport configuration are passed to jQuery.ajax. The DataSource also allows setting custom headers, in case you want to pass the RequestVerificationToken via the request headers, as suggested in Microsoft's documentation.
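The header approach described in the answer above, as an added example that is not part of the original post and is not Telerik's code. The helper names and URLs are hypothetical; it assumes the page was rendered with @Html.AntiForgeryToken() and that the app keeps the default ASP.NET Core antiforgery header and field names.

```javascript
// Added example: helper names and URLs are hypothetical, not Telerik's code.
// Header name is the ASP.NET Core antiforgery default (assumption: the app
// has not changed AntiforgeryOptions.HeaderName).
const TOKEN_HEADER = "RequestVerificationToken";
// Hidden input that @Html.AntiForgeryToken() renders into the page.
const TOKEN_FIELD = "__RequestVerificationToken";

// Read the token at request time so a re-rendered token is picked up.
function readTokenFromPage() {
  const input = document.querySelector('input[name="' + TOKEN_FIELD + '"]');
  return input ? input.value : "";
}

// Build a DataSource transport whose configured operations all carry the token.
function antiforgeryTransport(urls, getToken = readTokenFromPage) {
  const transport = {};
  for (const op of ["read", "create", "update", "destroy"]) {
    if (!urls[op]) continue; // only configure the operations the caller uses
    transport[op] = {
      url: urls[op],
      type: "POST",
      dataType: "json",
      // Passed through to jQuery.ajax; runs just before the request is sent.
      beforeSend(xhr) {
        const token = getToken();
        if (!token) {
          // Fail closed: jQuery.ajax cancels the request when beforeSend
          // returns false, so nothing goes out without a token.
          return false;
        }
        xhr.setRequestHeader(TOKEN_HEADER, token);
      },
    };
  }
  return transport;
}

// Usage in the page (requires jQuery and Kendo UI to be loaded):
// const dataSource = new kendo.data.DataSource({
//   transport: antiforgeryTransport({ read: "/Orders/Read", update: "/Orders/Update" }),
// });
```

The header only helps if the server validates it, for example with [ValidateAntiForgeryToken] on the actions these URLs map to.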