request-validation

Lets say I have the following Custom Request: class PlanRequest extends FormRequest { // ... public function rules() { return [ 'name' => 'required|string|min:3|max:191', 'monthly_fee' => 'required|numeric|min:0', 'transaction_fee' => 'required|numeric|min:0', 'processing_fee' => 'required|numeric|min:0|max:100', 'annual_fee' => 'required|numeric|min:0', 'setup_fee' => 'required|numeric|min:0', 'organization_id' => 'exists:organizations,id', ]; } } When I access it from the controller, if I do $request->all() , it gives me ALL the data, including extra garbage data that isn't meant to be

We've just upgraded to ASP.NET 4.0, and found that requestValidation no longer works. The MSDN docs suggest we need to set requestValidationMode in web.config to 2.0: 4.0 (the default). The HttpRequest object internally sets a flag that indicates that request validation should be triggered whenever any HTTP request data is accessed. This guarantees that the request validation is triggered before data such as cookies and URLs are accessed during the request. The request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page

I setup AWS API Gateway with CORS successfully, when a request is valid I have a 200 status code and also CORS headers, that's nice. But when AWS API Gateway Request Validator detects an invalid input, I have the status code is 400 but CORS headers are not sent... That's really unfortunate, because the client sees a CORS errors instead of a real 400 error (for exemple with fetch the client is not able to distinguish 400 errors because of CORS errors). This question may be related to Get detailed error messages from AWS API Gateway Request Validator I came to this answer through a discussion

I'm using angular 1.0.4 with an ASP.NET MVC4 + Web API project. I'm trying to leverage angular's CSRF protection to no avail. I can see that I'm passing along a cookie named XSRF-TOKEN, but when angular tries to add the value as a header named X-XSRF-TOKEN in the response, the value appears as undefined. I tried following the advice here , but the HTML has yet to render, so no element is found. What might I be missing? Is the RequestVerificationToken cookie generated by ASP.NET MVC protected from javascript access? Also, is it possible to have angular lazily retrieve either the cookie or form

I have been going through the error logs of a development project and found the following error (name changed to protect the guilty innocent)- The provided anti-forgery token was meant for user "", but the current user is "admin". This was not an especially difficult issue to reproduce- Open the application at the login page Open a second window or tab in the same browser on the same computer to the login page before logging in Login in the first window (or indeed second, the order doesn't matter) Attempt to login in the remaining login window The stack trace is- System.Web.Mvc

Has request validation changed for ASP.NET MVC 2, more precisely, not validating? I did the following: Web.configs (in App directory and Views directory) <pages validateRequest="false" Controller/Action Attribute [ValidateInput(false)] In @Page View Directive ValidateRequest="false" The page still gets validated an exception is thrown when HTML content is posted. UPDATE Created a new ASP.NET MVC 2 Application and I modified the Home Controller's Index to this [ValidateInput(false)] public ActionResult Index(string InputText) { ViewData["Message"] = "Welcome to ASP.NET MVC!"; return View(); }