Mid ASP.NET Core

Securing APIs: Anti‐Forgery, CORS, HTTPS, etc.?

HTTPS: Enforced via UseHttpsRedirection()
CORS: Limit origins using policies
Anti-forgery: Usually not needed for APIs unless using cookies (use

ValidateAntiForgeryToken)

Use authentication + authorization checks for all endpoints

More from ASP.NET Core Tutorial

All questions for this course