From ddf75be0105a8f1dcc08855033822dfb08142575 Mon Sep 17 00:00:00 2001
From: Krzysztof Pajak
Date: Sun, 24 May 2026 18:45:11 +0200
Subject: [PATCH] Potential fix for code scanning alert no. 1045: Missing cross-site request forgery token validation
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/Web/Grand.Web.AdminShared/Controllers/BaseLoginController.cs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/Web/Grand.Web.AdminShared/Controllers/BaseLoginController.cs b/src/Web/Grand.Web.AdminShared/Controllers/BaseLoginController.cs
index 7d39fd990..0e3905031 100644
--- a/src/Web/Grand.Web.AdminShared/Controllers/BaseLoginController.cs
+++ b/src/Web/Grand.Web.AdminShared/Controllers/BaseLoginController.cs
@@ -139,6 +139,7 @@ await _messageProviderService.SendCustomerEmailTokenValidationMessage(customer,
 }
 [HttpPost]
+ [ValidateAntiForgeryToken]
 public async Task TwoFactorAuthorization(string token, [FromServices] ITwoFactorAuthenticationService twoFactorAuthenticationService) {
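Review bot: The new `[ValidateAntiForgeryToken]` on `TwoFactorAuthorization` only works if the page that posts the 2FA code sends an antiforgery token, and this commit touches the controller alone (1 file changed). If that view uses a plain HTML form or a script-driven POST without the token field or header, every legitimate second-factor submission will be rejected with a 400, so the view should be checked and a test added that posts with and without the token. The other POST actions in `BaseLoginController` are not visible in this hunk; if any of them lack the attribute, a class-level `[AutoValidateAntiforgeryToken]` would cover them and any added later. A short comment above the action such as `// CSRF: the 2FA form must render the antiforgery token` would record the dependency on the view. The method body continues outside the hunk.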