Vulnerability in EPiServer.Forms
Did anyone else run into an issue after project upgrade that now Microsoft.AspNetCore.Mvc ModelState is validating not just controller's model?
We have an issue that a customer cannot end purchase journey because there a required field in home page that is not filled in.
Is your project having nullable feature enabled? Can you check your csproj file? If your application is built with nullable enabled and by default mvc will validate all non-nullable properties or parameters. That's the fundamental change with nullable feature enabled from what I understand.
Unfortunately I don't have much information from what you described above, I hope my answer would help.
I have posted my question on StackOverflow. Unfortunately I cannot remove the inheritance so I have written a custom validation rather than using ModelState.IsValid.
I don't quit get it. Your issue does not seem related to inheritance. Do you have nullable enabled?
If the issue is caused by nullable reference type, you can disable this behavior using the following code
builder.Services.AddControllers( options => options.SuppressImplicitRequiredAttributeForNonNullableReferenceTypes = true);
I have a property in a class that is null BUT that entire class should not be validated.
It is a property in a Home page while the controller / view model / class is a Billing page.
And it did not work this way before the change (Microsoft.AspNetCore.Mvc.ModelBinding.ObjectModelValidator and System.Web.Mvc.ModelStateDictionary)