diff --git a/src/NuGetGallery/App_Code/ViewHelpers.cshtml b/src/NuGetGallery/App_Code/ViewHelpers.cshtml
index 0be30a2157..329af87c19 100644
--- a/src/NuGetGallery/App_Code/ViewHelpers.cshtml
+++ b/src/NuGetGallery/App_Code/ViewHelpers.cshtml
@@ -311,3 +311,10 @@ var hlp = new AccordionHelper(name, formModelStatePrefix, expanded, page);
}
}
+
+@helper AjaxAntiForgeryToken(System.Web.Mvc.HtmlHelper html)
+{
+
+}
\ No newline at end of file
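Review bot: The new `AjaxAntiForgeryToken` helper has an empty body and never uses its `html` parameter, so any view that calls it renders nothing — and an AJAX POST to an action that now carries `[ValidateAntiForgeryToken]` would be rejected for lack of a token. The smallest working body is `<form id="AntiForgeryForm">@html.AntiForgeryToken()</form>`, with the page script copying the hidden `__RequestVerificationToken` input into the POST body; if no view calls it yet, drop the helper rather than shipping a silent no-op. Note that the stock MVC attribute validates the form field plus the cookie, not a request header, so a JSON body alone will not satisfy it. The file is also left without a trailing newline.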
diff --git a/src/NuGetGallery/Areas/Admin/Controllers/LuceneController.cs b/src/NuGetGallery/Areas/Admin/Controllers/LuceneController.cs
index 0bf844f9dd..336b8a9363 100644
--- a/src/NuGetGallery/Areas/Admin/Controllers/LuceneController.cs
+++ b/src/NuGetGallery/Areas/Admin/Controllers/LuceneController.cs
@@ -55,6 +55,7 @@ private async Task GetLuceneInfo()
}
[HttpPost]
+ [ValidateAntiForgeryToken]
public virtual Task Rebuild()
{
IndexingService.UpdateIndex(forceRefresh: true);
diff --git a/src/NuGetGallery/Areas/Admin/Controllers/SecurityPolicyController.cs b/src/NuGetGallery/Areas/Admin/Controllers/SecurityPolicyController.cs
index 05871bbb12..23cfd15a0f 100644
--- a/src/NuGetGallery/Areas/Admin/Controllers/SecurityPolicyController.cs
+++ b/src/NuGetGallery/Areas/Admin/Controllers/SecurityPolicyController.cs
@@ -71,6 +71,7 @@ public virtual JsonResult Search(string query)
}
[HttpPost]
+ [ValidateAntiForgeryToken]
public async Task Update(List subscriptionsJson)
{
var subscribeRequests = subscriptionsJson?.Select(JsonConvert.DeserializeObject)
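Review bot: `Update` takes `subscriptionsJson` and deserializes it with `JsonConvert.DeserializeObject`, which suggests it is posted by page script rather than a plain form; with `[ValidateAntiForgeryToken]` added, that request must now carry `__RequestVerificationToken` as a form field alongside the cookie, or it will fail validation. This diff only adds `@Html.AntiForgeryToken()` to the Lucene view, so please confirm the SecurityPolicy view (not in this diff as far as I can see) renders a token and that the client sends it in the form body, e.g. `data: { subscriptionsJson: ..., __RequestVerificationToken: token }`. The body of `Update` continues past the hunk.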
diff --git a/src/NuGetGallery/Areas/Admin/Controllers/SupportRequestController.cs b/src/NuGetGallery/Areas/Admin/Controllers/SupportRequestController.cs
index a368dd4082..e9baa1e435 100644
--- a/src/NuGetGallery/Areas/Admin/Controllers/SupportRequestController.cs
+++ b/src/NuGetGallery/Areas/Admin/Controllers/SupportRequestController.cs
@@ -54,6 +54,7 @@ public ActionResult GetAdmins()
}
[HttpPost]
+ [ValidateAntiForgeryToken]
public async Task DisableAdmin(int key)
{
try
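Review bot: All five POST actions in this file (`DisableAdmin`, `EnableAdmin`, `AddAdmin`, `UpdateAdmin`, `Save`) gain `[ValidateAntiForgeryToken]`, but none of the SupportRequest views are touched in this diff, so every caller must already emit a token or these admin operations will start failing with `HttpAntiForgeryException`. If the admin pages submit via script, the token has to be included as the `__RequestVerificationToken` form field (the default attribute does not read headers). A short comment on the first guarded action, `// Requires __RequestVerificationToken in the form body; see the admin view's AntiForgeryToken() call`, would make the client-side contract explicit. Each action body continues past its hunk.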
@@ -69,6 +70,7 @@ public async Task DisableAdmin(int key)
}
[HttpPost]
+ [ValidateAntiForgeryToken]
public async Task EnableAdmin(int key)
{
try
@@ -84,6 +86,7 @@ public async Task EnableAdmin(int key)
}
[HttpPost]
+ [ValidateAntiForgeryToken]
public async Task AddAdmin(string galleryUsername, string pagerDutyUsername)
{
try
@@ -99,6 +102,7 @@ public async Task AddAdmin(string galleryUsername, string pagerDut
}
[HttpPost]
+ [ValidateAntiForgeryToken]
public async Task UpdateAdmin(int key, string galleryUsername, string pagerDutyUsername)
{
try
@@ -114,6 +118,7 @@ public async Task UpdateAdmin(int key, string galleryUsername, str
}
[HttpPost]
+ [ValidateAntiForgeryToken]
public async Task Save(int issueKey, int? assignedToId, int issueStatusId, string comment)
{
try
diff --git a/src/NuGetGallery/Areas/Admin/Views/Lucene/Index.cshtml b/src/NuGetGallery/Areas/Admin/Views/Lucene/Index.cshtml
index 5ab934c113..5314304538 100644
--- a/src/NuGetGallery/Areas/Admin/Views/Lucene/Index.cshtml
+++ b/src/NuGetGallery/Areas/Admin/Views/Lucene/Index.cshtml
@@ -31,10 +31,11 @@ else
}
-@if(Model.IsLocal)
+@if (Model.IsLocal)
{
using (Html.BeginForm("Rebuild", "Lucene"))
{
+ @Html.AntiForgeryToken()