Potential CWE-352 vulnerability in OdataToEntity.AspNetCore #45

@dshalkhakov

Hello,

So I've run a SAST scan with a certain tool against OdataToEntity source code and it uncovered the following issue: CWE-352 in OdataToEntity.AspNetCore.OeBatchController BatchCore() and Batch() methods.

I think it should be fixed on the application level, not by the library, by introducing CSRF token middleware or an authorization filter. The OeBatchController can also be made abstract so that the responsibility for CSRF prevention is moved to the calling application.

Thoughts?

Cheers,
Dmitry
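
One way the application-level middleware suggested above could look in a host application (an added example, not part of the original post and not OdataToEntity code). The batch route `/api/$batch`, the header name `X-CSRF-TOKEN` and the token endpoint are assumptions; only the ASP.NET Core antiforgery API is real.

```csharp
// Program.cs of the hosting application (ASP.NET Core 6 or later).
using Microsoft.AspNetCore.Antiforgery;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();

// An OData batch body is multipart/mixed, not an HTML form, so the request
// token cannot be read from a form field and has to travel in a header.
builder.Services.AddAntiforgery(options => options.HeaderName = "X-CSRF-TOKEN");

var app = builder.Build();

// Assumption: the route the application gives its OeBatchController-derived controller.
const string BatchPath = "/api/$batch";

app.Use(async (context, next) =>
{
    bool isBatchPost = HttpMethods.IsPost(context.Request.Method)
        && string.Equals(context.Request.Path.Value, BatchPath,
                         StringComparison.OrdinalIgnoreCase);

    if (isBatchPost)
    {
        var antiforgery = context.RequestServices.GetRequiredService<IAntiforgery>();
        try
        {
            // Compares the antiforgery cookie with the token in the header.
            await antiforgery.ValidateRequestAsync(context);
        }
        catch (AntiforgeryValidationException)
        {
            // Reject before the batch controller executes any operation.
            context.Response.StatusCode = StatusCodes.Status400BadRequest;
            return;
        }
    }

    await next(context);
});

// Hypothetical endpoint: same-origin script calls it to obtain the request
// token, then sends it back in the X-CSRF-TOKEN header of the batch POST.
app.MapGet("/antiforgery/token", (IAntiforgery antiforgery, HttpContext context) =>
    Results.Ok(new { token = antiforgery.GetAndStoreTokens(context).RequestToken }));

app.MapControllers();
app.Run();
```

The check is only meaningful when the batch endpoint authenticates with ambient credentials such as cookies; a client that sends a bearer token in an `Authorization` header is not exposed to CSRF in the same way.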
