Best Pattern for AllowUnsafeUpdates

前端未结

关注

 6  1617

半阙折子戏 2020-12-28 08:54

So far, in my research I have seen that it is unwise to set AllowUnsafeUpdates on GET request operation to avoid cross site scripting. But, if it is required to allow this,

6条回答

情深已故 (楼主)

2020-12-28 09:15

For AllowUnsafeUpdates, I follow this process:

if( HttpContext.Current is null )
{
  Do nothing, no need to set AllowUnsafeUpdates to true nor
  to call ValidateFormDigest() because update will be carried out
}
else // HttpContext.Current is NOT null
{
  if( SPContext.Current is null )
  {
    Need to set AllowUnsafeUpdates to true
  }
  else // SPContext.Current is NOT null
  {
    Call ValidateFormDigest()
  }
}

0 讨论(0)

查看其它6个回答