public async Task <IActionResult> Create([Bind("Id,Title")] FeedModel feedModel)
{
if (ModelState.IsValid)
{
_context.Add(feedModel);
await _context.SaveChangesAsync();
return(RedirectToAction(nameof(Index)));
}
return(View(feedModel));
}
public async Task <IActionResult> CreateFeed()
{
string content = string.Empty;
using (Stream receiveStream = HttpContext.Request.Body)
{
using (StreamReader reader = new StreamReader(receiveStream))
{
content = reader.ReadToEnd();
}
}
var entry = JsonConvert.DeserializeObject <Feed>(content, new JsonSerializerSettings
{
TypeNameHandling = TypeNameHandling.Auto // A6 - Insecure Deserailization - You shoudl instead use TypeNameHandling.None
});
_context.Add(entry);
await _context.SaveChangesAsync();
return(Ok());
}