fix(central-ui): resolve CentralUI-015..019 — pager windowing, logout CSRF, narrowed catch blocks, coverage; CentralUI-015 re-triaged Won't Fix

2026-05-16 22:04:21 -04:00
parent 404216b4ee
commit d7b275fc9b
18 changed files with 772 additions and 50 deletions
--- a/src/ScadaLink.CentralUI/Components/Layout/NavMenu.razor
+++ b/src/ScadaLink.CentralUI/Components/Layout/NavMenu.razor
@@ -101,6 +101,9 @@
                <div class="d-flex justify-content-between align-items-center">
                    <span class="text-light small">@context.User.FindFirst("DisplayName")?.Value</span>
                    <form method="post" action="/auth/logout" data-enhance="false">
+                        @* CentralUI-017: logout is a state-changing POST and is
+                           CSRF-protected — the antiforgery token is required. *@
+                        <AntiforgeryToken />
                        <button type="submit" class="btn btn-outline-light btn-sm py-0 px-2">Sign Out</button>
                    </form>
                </div>