A Coverity scan on our application reported a potential risk from CSRF attacks. In order to prevent this, I tried to implement the Antiforgery token concept in our Blazor WebAssembly and Blazor Server projects as a client/server architecture. I wasn't able to find the hidden input field from the <AntiforgeryToken/> component and there is no value generated.
In the client I have added the <AntiforgeryToken/> tag inside the form tag,

    <form method="post" @onsubmit="UpdateInputs">
        <AntiforgeryToken/>
        <button type="submit" class="btn btn-sm btn-primary" data-bs-dismiss="modal">Ok</button>
        <button type="button" class="btn btn-sm btn-primary" data-bs-dismiss="modal" @onclick="clear">Cancel</button>
    </form>

but there is no input hidden field when the form is submitted.
On the server I added [ValidateAntiForgeryToken] in the controller, and in the Program.cs file I added:

    builder.Services.AddAntiforgery();
    app.UseAntiforgery();

What am I missing or what do I need to implement the antiforgery token?