I have a .NET 8 Blazor Server which serves html pages. In addition to that I wanted to add few Minimal API endpoints. Whenever I try to send request to endpoints I recieve "A valid antiforgery token was not provided with the request. Add an antiforgery token, or disable antiforgery validationfor this endpoint." response.
I would like to keep HTML pages protected but disable protection for the API.
I found that MinimalApi has extension method for disabling antiforgery –DisableAntiforgery().
I tried to call it on the Endpoint Group, where my EPs are located and I also called that directly on the Minimal EP. Both with no success.
var apiGroup = app.MapGroup("api/auth") .DisableAntiforgery();apiGroup.MapGet("google", (Guid requestId, IGoogleAuthService authService) =>{ // ...}).DisableAntiforgery();For my Program.cs configuration:
var app = builder.Build();if (!app.Environment.IsDevelopment()){ app.UseExceptionHandler("/Error", createScopeForErrors: true); app.UseHsts();}app.AddApplicationEndpoints(); // I add custom EPs hereapp.UseHttpsRedirection();app.UseStaticFiles();app.UseAntiforgery(); // Antiforgery is enabled hereapp.MapRazorComponents<App>() .AddInteractiveServerRenderMode();app.Run();