After copying the code sample provided for use with AngularJS, I noticed that two antiforgery cookies are being added: XSRF-TOKEN and .AspNetCore.Antiforgery.xxxxxxxxxxx. This appears to be because we're calling antiforgery.GetAndStoreTokens(context) rather than antiforgery.GetTokens(context).

Given that GetAndStoreTokens will add the cookie on our behalf anyway, maybe the sample should just set the name of the cookie when configuring the service (which is what I have done in my application).

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 47b14f57-82ac-a2e2-cbc7-22a81a60f4ac
• Version Independent ID: bffca13c-223f-c61f-9cb2-9da8811eecfa
• Content: Prevent Cross-Site Request Forgery (XSRF/CSRF) attacks in ASP.NET Core
• Content Source: aspnetcore/security/anti-request-forgery.md
• Product: aspnet-core
• Technology: aspnetcore-security
• GitHub Login: @steve-smith
• Microsoft Alias: riande