< Summary - Kestrun — Combined Coverage

Information
Class: Public.Middleware.Add-KrAntiforgeryMiddleware
Assembly: Kestrun.PowerShell.Public
File(s): /home/runner/work/Kestrun/Kestrun/src/PowerShell/Kestrun/Public/Middleware/Add-KrAntiforgeryMiddleware.ps1
Tag: Kestrun/Kestrun@6135d944f8787fb570e4dfbacac6e80312799a86
Line coverage
0%
Covered lines: 0
Uncovered lines: 20
Coverable lines: 20
Total lines: 85
Line coverage: 0%
Branch coverage
N/A
Covered branches: 0
Total branches: 0
Branch coverage: N/A
Method coverage


Coverage history

Coverage history (chart axis: 0 25 50 75 100)
12/01/2025 - 20:55:19 Line coverage: 0% (0/22) Total lines: 104 Tag: Kestrun/Kestrun@638a27c2dd54103f693f023b6ba5f56a884caafa
05/09/2026 - 21:51:36 Line coverage: 0% (0/20) Total lines: 85 Tag: Kestrun/Kestrun@6b24c7512a1bad61723a28d32446de0aa658293e

Coverage delta

Coverage delta 1 -1

Metrics

File(s)

/home/runner/work/Kestrun/Kestrun/src/PowerShell/Kestrun/Public/Middleware/Add-KrAntiforgeryMiddleware.ps1

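<#
    .SYNOPSIS
        Adds an Antiforgery service to the server.
    .DESCRIPTION
        This cmdlet allows you to configure the Antiforgery service for the Kestrun server.
        It can be used to protect against Cross-Site Request Forgery (CSRF) attacks by generating and
        validating antiforgery tokens.

        With the 'Items' parameter set (the default) the cmdlet builds a new AntiforgeryOptions object
        and replaces its cookie with one that is HttpOnly, SameSite=Lax, Secure-always and scoped to '/'.
        With the 'Options' parameter set the supplied object is passed through unchanged.
    .PARAMETER Options
        The Antiforgery options to configure the service. Used as-is; none of the cookie settings
        applied by the 'Items' parameter set are applied to it.
    .PARAMETER CookieName
        The name of the cookie to use for the Antiforgery token. Default is '.Kestrun.AntiXSRF'.
    .PARAMETER FormFieldName
        The name of the form field to use for the Antiforgery token. If not specified, the default will be used.
    .PARAMETER HeaderName
        The name of the header to use for the Antiforgery token. Default is 'X-CSRF-TOKEN'.
    .PARAMETER SuppressXFrameOptionsHeader
        If specified, the X-Frame-Options header will not be added to responses.
        ASP.NET Core's antiforgery system emits that header as a clickjacking defence, so only
        suppress it when framing is restricted some other way (for example a CSP frame-ancestors policy).
    .PARAMETER SuppressReadingTokenFromFormBody
        If specified, the Antiforgery service will not read tokens from the form body.
        The setting is applied only when Test-KrCapability reports the
        'SuppressReadingTokenFromFormBody' feature; otherwise a warning is written and the switch
        has no effect.
    .EXAMPLE
        Add-KrAntiforgeryMiddleware -CookieName '.MyApp.AntiXSRF' -FormFieldName '__RequestVerificationToken' -HeaderName 'X-CSRF-TOKEN'
        This example adds an Antiforgery service to the server with a custom cookie name, form field name, and header name.
    .EXAMPLE
        Add-KrAntiforgeryMiddleware -Options $options
        This example adds an Antiforgery service to the server using the specified Antiforgery options.
    .LINK
        https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.antiforgery.antiforgeryoptions
#>
function Add-KrAntiforgeryMiddleware {
    [KestrunRuntimeApi('Definition')]
    [CmdletBinding(defaultParameterSetName = 'Items')]
    param(

        [Parameter(Mandatory = $true, ParameterSetName = 'Options')]
        [Microsoft.AspNetCore.Antiforgery.AntiforgeryOptions]$Options,

        [Parameter(ParameterSetName = 'Items')]
        [string]$FormFieldName,

        [Parameter(ParameterSetName = 'Items')]
        [string]$CookieName = '.Kestrun.AntiXSRF',

        [Parameter(ParameterSetName = 'Items')]
        [string]$HeaderName = 'X-CSRF-TOKEN',

        [Parameter(ParameterSetName = 'Items')]
        [switch]$SuppressXFrameOptionsHeader,

        [Parameter(ParameterSetName = 'Items')]
        [switch]$SuppressReadingTokenFromFormBody
    )
    # Ensure the server instance is resolved
    $Server = Resolve-KestrunServer

    if ($PSCmdlet.ParameterSetName -eq 'Items') {
        $Options = [Microsoft.AspNetCore.Antiforgery.AntiforgeryOptions]::new()

        # Build the antiforgery cookie. It replaces the builder that AntiforgeryOptions ships with,
        # so only the attributes set below apply.
        # NOTE(review): the framework's own antiforgery cookie builder is, as far as I know,
        # SameSite=Strict and IsEssential=true; this one is Lax and leaves IsEssential unset.
        # Confirm both are intended (IsEssential matters when cookie-consent middleware is in use).
        $cookie = [Microsoft.AspNetCore.Http.CookieBuilder]::new()
        $cookie.Name = $CookieName
        $cookie.SameSite = [Microsoft.AspNetCore.Http.SameSiteMode]::Lax
        # HttpOnly keeps the cookie token out of reach of page script.
        $cookie.HttpOnly = $true
        # Always mark the cookie Secure. Browsers will not send it back over plain HTTP, so
        # token validation presumably fails on non-TLS listeners - verify against the listener setup.
        $cookie.SecurePolicy = [Microsoft.AspNetCore.Http.CookieSecurePolicy]::Always
        $cookie.Path = '/'

        $Options.Cookie = $cookie

        # Empty names leave the AntiforgeryOptions defaults in place.
        if (-not [string]::IsNullOrEmpty($FormFieldName)) {
            $Options.FormFieldName = $FormFieldName
        }
        if (-not [string]::IsNullOrEmpty($HeaderName)) {
            $Options.HeaderName = $HeaderName
        }
        if ($SuppressXFrameOptionsHeader.IsPresent) {
            $Options.SuppressXFrameOptionsHeader = $true
        }
        if ($SuppressReadingTokenFromFormBody.IsPresent) {
            if (Test-KrCapability -Feature 'SuppressReadingTokenFromFormBody') {
                $Options.SuppressReadingTokenFromFormBody = $true
            } else {
                # Do not drop a requested hardening option silently: the caller would otherwise
                # assume form-body tokens are rejected when they are still accepted.
                Write-Warning "SuppressReadingTokenFromFormBody is not supported by this runtime; antiforgery tokens will still be read from the form body."
            }
        }
    }

    # Add the Antiforgery service to the server
    [Kestrun.Hosting.KestrunSecurityMiddlewareExtensions]::AddAntiforgery($Server, $Options) | Out-Null
}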

Methods/Properties

Add-KrAntiforgeryMiddleware()