Suppress ValidateAntiForgeryToken message in FxCop (nuget.exe doesn't provide one) (#7998)

drewgillies · web-flow · commit 73b80387d68d · 2020-05-20T16:46:32.000+10:00
diff --git a/src/NuGetGallery/Controllers/PackagesController.cs b/src/NuGetGallery/Controllers/PackagesController.cs
@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.Collections.Specialized;
 using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.IO;
 using System.Linq;
@@ -799,6 +800,7 @@ private static async Task<byte[]> ReadPackageFile(PackageArchiveReader packageAr
 
         // This additional delete action addresses issue https://github.com/NuGet/Engineering/issues/2866 - we need to error out.
         [HttpDelete]
+        [SuppressMessage("Microsoft.Security.Web.Configuration", "CA3147: Missing ValidateAntiForgeryTokenAttribute", Justification = "nuget.exe will not provide a token")]
         public HttpStatusCodeResult DisplayPackage() 
             => new HttpStatusCodeWithHeadersResult(HttpStatusCode.MethodNotAllowed, new NameValueCollection() { { "allow", "GET" } });
 
