Merge pull request #11 from dotnet/Rick-Anderson-patch-11

Rick anderson patch 11
Unity-and-wireless-communications · Dec 19, 2024 · 0535d99 · 0535d99
2 parents 2362ab1 + 0013177
commit 0535d99
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/aspnetcore/security/anti-request-forgery.md b/aspnetcore/security/anti-request-forgery.md
@@ -159,9 +159,7 @@ Calling <xref:Microsoft.Extensions.DependencyInjection.MvcServiceCollectionExten
 
 ## Multiple browser tabs and the Synchronizer Token Pattern
 
-With the Synchronizer Token Pattern, only the most recently loaded page is guaranteed to contain a valid antiforgery token. Apps that wish to support multiple tabs should test supported browsers and log failures. ***Using multiple tabs can be problematic***. For example, if a user opens multiple tabs, requests made from previously loaded tabs might fail with an error: `Antiforgery token validation failed. The antiforgery cookie token and request token do not match`
-
- Consider alternative CSRF protection patterns if this poses an issue.
+Multiple tabs with different users is not supported, including a user and anonymous.
 
 ## Configure antiforgery with `AntiforgeryOptions`