13 lines
811 B
Plaintext
13 lines
811 B
Plaintext
=== on 16 Oct 2018, 18:39:51 Nicolas Harraudeau wrote:
|
|
*Implementation details*:
|
|
|
|
*In .Net core*, -any reference to ``++Microsoft.AspNetCore.Http.HttpRequest.Cookies++`` should create an issue. It is a ``++IEnumerable++`` and it is not worth highlighting every manipulation method this class has. There is no "Cookie" Type in .Net Core, they are instead processed as strings.-
|
|
|
|
The ``++Request++`` object is just a reference to the ``++HttpRequest++`` of the current request.
|
|
|
|
Regarding ``++Microsoft.AspNetCore.Http.HttpResonse.Cookies++``, only the ``++Append++`` method should raise an issue as the ``++Delete++`` one is not security-sensitive (no risk of injection).
|
|
|
|
The ``++Response++`` object is just a reference to the ``++HttpResponse++`` of the current request.
|
|
|
|
include::../comments-and-links.adoc[]
|