I'm seeing a bunch of errors in our back office on all environments (from localhost to production) where the /umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds route is returning a 417 Invalid Token response.
Doing some digging into the core I found the problem is coming from the AngularAntiForgeryHelper and the ValidateTokens method must be returning false.
This tends to happen when the back office is logged in for a "reasonable" period of time and not interacted with, it seems navigating around delays the error cropping up.
Thoughts on what could be causing an invalid token to appear?
I'm have a crack at debugging it (there's a try/catch where the exception is swallowed!) but of course when I run with a debugger attached the problem doesn't exist :(.
I can repo it really easily in our instance but the git repository isn't sharable for that :P
It seems related to our AngularJS front-end and the use of the antiforgery token there too. If i have two tabs open (one the front end and the other Umbraco) I get the errror, if I only have the backoffice open (and the front end in a private mode tab or another browser) it doesn't happen.
Chalking it up to "our implementation" as the root cause.
I guess yeah, if you are using an implementation like that on your front-end too, it might cause issues... but if you are using different cookie/token names than the back office it should still 'just work'
Just in case - in my usecase issue with '417 Invalid token' was in the fact that our code was adding a cookie with spaces in name.
Actually, though it is violating cookie names, it was working everywhere, except Umbraco backoffice, which, after receiving cookie with spaces in name - begin generating 417 errors
we have facing the same issue with Umbraco version 7.1.4 assembly: 1.0.5261.28127
when we login to umbraco; get blank frames from left side. Left menu is completely empty because of error that show in console(please see the image).
If we reload(press F5) the page it works fine.It is consistent every time; log in, nothing works, F5, everything works.
we also try to clear cookies and caches of browser. But still issue remain same.
Is this something Umbraco have done or something that had been caused by a change?
we get the following errors in the backoffice.
Failed to load resource: the server responded with a status of 417
/umbraco/backoffice/UmbracoApi/UpdateCheck/GetCheck
Failed to load resource: the server responded with a status of 417 (Missing token)
/umbraco/backoffice/UmbracoApi/Section/GetSections
Failed to load resource: the server responded with a status of 417 (Missing token)
/umbraco/backoffice/UmbracoApi/Dashboard/GetDashboard?section=content
Failed to load resource: the server responded with a status of 417 (Missing token)
/umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds
Failed to load resource: the server responded with a status of 417 (Missing token)
Back office API controller failing with 417
Umbraco version: 7.2.4
I'm seeing a bunch of errors in our back office on all environments (from localhost to production) where the
/umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSecondsroute is returning a417 Invalid Tokenresponse.Doing some digging into the core I found the problem is coming from the
AngularAntiForgeryHelperand theValidateTokensmethod must be returning false.This tends to happen when the back office is logged in for a "reasonable" period of time and not interacted with, it seems navigating around delays the error cropping up.
Thoughts on what could be causing an invalid token to appear?
Hello,
Maybe this topic can help: https://our.umbraco.org/forum/umbraco-7/using-umbraco-7/60627-417-Missing-token-in-the-backoffice
Jeroen
Thanks internet search engines for not finding that one :P
Did you ever solve it yourself? I'll try not having two tabs opened.
Two tabs open works, I do this all of the time. If you have steps to replicate let us know.
I'm have a crack at debugging it (there's a
try/catchwhere the exception is swallowed!) but of course when I run with a debugger attached the problem doesn't exist :(.I can repo it really easily in our instance but the git repository isn't sharable for that :P
It seems related to our AngularJS front-end and the use of the antiforgery token there too. If i have two tabs open (one the front end and the other Umbraco) I get the errror, if I only have the backoffice open (and the front end in a private mode tab or another browser) it doesn't happen.
Chalking it up to "our implementation" as the root cause.
I guess yeah, if you are using an implementation like that on your front-end too, it might cause issues... but if you are using different cookie/token names than the back office it should still 'just work'
You're making an assumption that someone considered that :P
Just in case - in my usecase issue with '417 Invalid token' was in the fact that our code was adding a cookie with spaces in name. Actually, though it is violating cookie names, it was working everywhere, except Umbraco backoffice, which, after receiving cookie with spaces in name - begin generating 417 errors
Hello All,
we have facing the same issue with Umbraco version 7.1.4 assembly: 1.0.5261.28127
when we login to umbraco; get blank frames from left side. Left menu is completely empty because of error that show in console(please see the image).
If we reload(press F5) the page it works fine.It is consistent every time; log in, nothing works, F5, everything works.
we also try to clear cookies and caches of browser. But still issue remain same.
Is this something Umbraco have done or something that had been caused by a change?
we get the following errors in the backoffice.
Failed to load resource: the server responded with a status of 417
/umbraco/backoffice/UmbracoApi/UpdateCheck/GetCheck Failed to load resource: the server responded with a status of 417 (Missing token)
/umbraco/backoffice/UmbracoApi/Section/GetSections Failed to load resource: the server responded with a status of 417 (Missing token)
/umbraco/backoffice/UmbracoApi/Dashboard/GetDashboard?section=content Failed to load resource: the server responded with a status of 417 (Missing token)
/umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds Failed to load resource: the server responded with a status of 417 (Missing token)
angular.min.js:106 POST http://www.boyerplanning.co.uk/umbraco/backoffice/UmbracoApi/Authentication/PostLogout 417 (Missing token)
Anyone has an solution to this problem?
is working on a reply...