C#

Made by DeepSource

Anti-forgery token is ignored via IgnoreAntiforgeryTokenAttribute CS-A1011

Security
Critical
a01 cwe-352 sans top 25 owasp top 10

An antiforgery token is validated, and helps establish the requester's identity to an extent, before the required data or resource is served. This helps prevent security issues such as cross-site request forgery (CWE-352). The IgnoreAntiforgeryTokenAttribute, however, skips this token's validation. It is recommended that you not use this attribute to skip the validation.

Bad Practice

[HttpPost, IgnoreAntiforgeryToken]
public IActionResult PostResults(Model m)
{
    // ...
}

Recommended

[HttpPost]
public IActionResult PostResults(Model m)
{
    // ...
}
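
To catch this attribute before it ships, the following added example (not DeepSource's or the framework's own code) uses reflection to list MVC actions whose antiforgery validation is switched off. It goes slightly beyond the snippet above by also covering PUT, PATCH and DELETE and a controller-level attribute. The names AntiforgeryAudit, FindIgnoredActions and ResultsController are hypothetical, and a project referencing ASP.NET Core MVC is assumed.

```csharp
// Added example; assumes the project references the ASP.NET Core shared framework.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Routing;

public static class AntiforgeryAudit
{
    // HTTP methods that change state and therefore rely on antiforgery validation.
    private static readonly HashSet<string> StateChanging =
        new(StringComparer.OrdinalIgnoreCase) { "POST", "PUT", "PATCH", "DELETE" };

    // Returns "Controller.Action" for every state-changing action whose
    // validation is skipped on the action itself or on its controller.
    public static IReadOnlyList<string> FindIgnoredActions(Assembly assembly) =>
        assembly.GetTypes()
            .Where(t => !t.IsAbstract && typeof(ControllerBase).IsAssignableFrom(t))
            .SelectMany(t => t
                .GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly)
                .Where(m => IsStateChanging(m) && IsIgnored(t, m))
                .Select(m => $"{t.Name}.{m.Name}"))
            .ToList();

    private static bool IsStateChanging(MethodInfo m) =>
        m.GetCustomAttributes<HttpMethodAttribute>(inherit: true)
            .SelectMany(a => a.HttpMethods)
            .Any(StateChanging.Contains);

    private static bool IsIgnored(Type controller, MethodInfo action) =>
        action.IsDefined(typeof(IgnoreAntiforgeryTokenAttribute), inherit: true) ||
        controller.IsDefined(typeof(IgnoreAntiforgeryTokenAttribute), inherit: true);

    // Entry point: audits the assembly that contains this class.
    public static void Main() =>
        Console.WriteLine(string.Join("\n", FindIgnoredActions(typeof(AntiforgeryAudit).Assembly)));
}

// Constructed sample controller used as input for the audit.
[AutoValidateAntiforgeryToken]
public class ResultsController : Controller
{
    [HttpPost, IgnoreAntiforgeryToken]
    public IActionResult PostResults(string m) => Ok(); // reported by the audit

    [HttpPost]
    public IActionResult SaveResults(string m) => Ok(); // validated by the controller-level filter
}
```

Called from a unit test that asserts the returned list is empty, the same method fails the build when a new action opts out of validation.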
