I’m reviewing the subscribe page of an ASP.NET Core 8 MVC project.
In terms of security, are these two approaches compatible with each other?
I do prefer AJAX since it allows me to have a JS toaster for UX/feedback (invalid email etc.).
Option 1: in the view, use @model at the top and a form element referencing that model.
<form asp-controller="Account" asp-action="AddNewUser" method="post" id="form-login">
    @* Several div with the required properties *@
    <div class="form-group">
        @Html.EditorFor(model => model.email, new { htmlAttributes = new { @class = "form-control" } })
    </div>
</form>
Option 2: in the view, create an AntiForgeryToken, in JS create an AJAX request to send that information to the same endpoint.
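// Read the antiforgery token from the hidden input rendered in the view
let token = $('[name=__RequestVerificationToken]').val();
$.ajax({
    url: '/Account/AddNewUser/',
    type: 'POST',
    async: true,
    data: {
        // The token travels as a form field, like in a regular form post
        __RequestVerificationToken: token,
        //Required properties
    },
    success: function (response) { /* ... */ },
    error: function () { /* ... */ },
    complete: function () { /* ... */ }
});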
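
An added example, not part of the original question: a sketch of what Option 2 has to put on the wire so that the endpoint receives the same form-encoded fields, including `__RequestVerificationToken`, that the Option 1 form posts. The function name `buildSubscribeRequest`, the `pageOrigin` parameter and the sample values are assumptions made for illustration, and it assumes the `AddNewUser` action validates the antiforgery token.

```javascript
// Added example: names and sample values are hypothetical, not from the post.
const TOKEN_FIELD = '__RequestVerificationToken'; // hidden field name used in the post

// Build the POST that the AJAX path sends. Fails closed when the token is
// missing or when the target is not on the page's own origin.
function buildSubscribeRequest(fields, token, pageOrigin, action = '/Account/AddNewUser/') {
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('antiforgery token missing: refusing to send');
  }
  // Resolve the action the way a browser would, then compare origins, so a
  // protocol-relative or absolute URL cannot carry the token to another site.
  const target = new URL(action, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) {
    throw new Error('refusing to send antiforgery token cross-origin');
  }
  const body = new URLSearchParams();
  for (const [name, value] of Object.entries(fields)) {
    if (name === TOKEN_FIELD) continue; // caller data must not override the token
    body.append(name, String(value));
  }
  body.append(TOKEN_FIELD, token);
  return {
    url: target.href,
    method: 'POST',
    contentType: 'application/x-www-form-urlencoded; charset=UTF-8',
    body: body.toString(), // same encoding a browser uses for a form post
  };
}

// Constructed sample input.
const sample = buildSubscribeRequest(
  { email: 'user@example.com' }, 'sample-token', 'https://shop.example');
console.log(sample.url, sample.body);
```

Client-side checks such as the e-mail toaster are feedback only; the server still has to validate the model and the token for both options.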