I have a .NET Core API written which integrates with Swagger. Now I'm trying to make the Swagger page user friendly, but I am not willing to sacrifice security to do so. However, I don't have enough understanding and experience on the said topic and I'm looking for either some reference to get me started or even a straight answer works too.
Currently on my actions I use the [FromForm] decorator, which then requires a Content-Type: multipart/form-data; to be passed in order to work. Since the intended caller is an Angular application, it can easily accommodate that with a FormData object. This has been tested and all works great. Now if I were to use the [FromBody] decorator, then the expected value should be Content-Type: application/json, which is more API appropriate as I understand, but my Swagger is then hard to work with. It wants a formatted JSON value when testing, as opposed to each field offering an input and validating types like dropdowns and such.
What are the implications of me using [FromBody] vs [FromForm] in terms of security? Is one more secure than the other, or is one more preferred than the other, and why?