Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Henrik Sunesen 85 posts 282 karma points
    Oct 22, 2021 @ 11:42
    Henrik Sunesen
    0

    Status Code: 400 on form submit

    Hi all!

    i'm getting a HTTP 400, when i'm trying to submit a form.

    My form markup is equal to the one in the documentation: https://our.umbraco.com/documentation/Fundamentals/Code/Creating-Forms/

    the method i'm trying to call is: 

    [HttpPost] 
 public IActionResult SubmitCaseSearch(CaseSearchForm form)
    {
            // Do some magic
            return CurrentUmbracoPage();
}

    I hope someone can help me here.

    Copy Link
  • Frank Laumann 39 posts 303 karma points
    Oct 22, 2021 @ 12:53
    Frank Laumann
    0

    Hi Henrik

    Have you change the markup to call SubmitCaseSearch instead of submit?

    Other than that I don't see any problems.

    Best regards Frank

    Copy Link
  • Henrik Sunesen 85 posts 282 karma points
    Oct 22, 2021 @ 13:01
    Henrik Sunesen
    0

    Hi Frank,

    Yes, my form looks like this:

     @using (Html.BeginUmbracoForm<SearchController>(nameof(SearchController.SubmitCaseSearch)))
{
  @Html.AntiForgeryToken()
 //Form fields
}

    I can see that people are talking about issues, with POST, antiforgery token and surface controllers in umbraco 9.

    https://github.com/umbraco/UmbracoDocs/issues/3242

    I've just tied removing: 

     @Html.AntiForgeryToken()

    From the form, and now it works :)

    Copy Link
  • Frank Laumann 39 posts 303 karma points
    Oct 22, 2021 @ 13:05
    Frank Laumann
    0

    Maybe you need this tag [ValidateAntiForgeryToken] for the AntiForgeryToken to work

    Copy Link
  • Henrik Sunesen 85 posts 282 karma points
    Oct 25, 2021 @ 06:35
    Henrik Sunesen
    0

    That does not work out :/

    It's still giving me the 404 when i using:

    @Html.AntiForgeryToken() in the view, and [ValidateAntiForgeryToken] in the controller.

    Copy Link
  • Henrik Sunesen 85 posts 282 karma points
    Oct 25, 2021 @ 07:25
    Henrik Sunesen
    0

    It looks like .core automaticly adds the AntiForgeryToken:

    Here is the sourcecode without: @Html.AntiForgeryToken() and [ValidateAntiForgeryToken]

    https://www.screencast.com/t/kMZf3SHB1VFD

    Copy Link
  • Frank Laumann 39 posts 303 karma points
    Oct 25, 2021 @ 07:28
    Frank Laumann
    0

    Is the name of the Token (input) the same if you use @Html.AntiForgeryToken() ?

    Copy Link
  • Henrik Sunesen 85 posts 282 karma points
    Oct 25, 2021 @ 08:56
    Henrik Sunesen
    0

    Yes, the name attribute is identical with and withour the @Html.AntiForgeryToken()

    (name="__RequestVerificationToken")

    Copy Link
  • Stefan 3 posts 24 karma points
    Nov 02, 2021 @ 09:09
    Stefan
    0

    try use the following:

    adding the [FromForm]

     [HttpPost] 
 public IActionResult SubmitCaseSearch([FromForm] CaseSearchForm form)
  {
            // Do some magic
            return CurrentUmbracoPage();
  }
    Copy Link
  • Henrik Sunesen 85 posts 282 karma points
    Nov 03, 2021 @ 06:52
    Henrik Sunesen
    0

    No, Stefan that did not help solving my issue :(

    Copy Link
  • Rick Nieling - Perplex 5 posts 88 karma points
    Nov 25, 2021 @ 08:27
    Rick Nieling - Perplex
    0

    Hi Henrik,

    Did you ever find the solution to this? I am running into the same problem.

    I have a very basic form and surface controller, and without the antiforgery token they work perfectly. But when i include @Html.AntiForgeryToken() in the form i get a "status code 400: bad request" error. The entire surface controller method wont be executed and debug breakpoints in the method wont be reached.

    Perhaps it's a more general asp.net core 5 setting? When googling this issue i came across the following document. It seems that only adding [AutoValidateAntiforgeryToken] for basic post requests seems enough, without explicitly adding @Html.AntiForgeryToken() in the html form.

    Can anyone explain how this works exactly?

    https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-5.0

    Copy Link
  • Patrick de Mooij 73 posts 623 karma points MVP 3x c-trib
    Nov 25, 2021 @ 08:33
    Patrick de Mooij
    0

    Hi Rick, I think this is because Umbraco automatically adds a AntiForgeryToken for you to the form. If you also have the @Html.AntiForgeryToken, then it'll suddenly have two tokens which causes issues.

    If you remove your @Html.AntiForgeryToken and then take a look at your HTML, you'll see that an AntiForgeryToken has already been added as an input.

    Copy Link
  • Rick Nieling - Perplex 5 posts 88 karma points
    Nov 25, 2021 @ 08:37
    Rick Nieling - Perplex
    0

    Hi Patrick,

    Yes, an element with the name="__RequestVerificationToken" has been added to the HTML.

    So what would be the correct method for checking this token in the controller? [ValidateAntiForgeryToken] or[AutoValidateAntiforgeryToken]? Or something else entirely?

    Copy Link
  • Patrick de Mooij 73 posts 623 karma points MVP 3x c-trib
    Nov 25, 2021 @ 08:39
    Patrick de Mooij
    1

    You don't have to do anything with it. If you look at the SurfaceController source code, you can see that there is already a [AutoValidateAntiforgeryToken] attribute on the whole class that'll validate it for you (https://github.com/umbraco/Umbraco-CMS/blob/v9/contrib/src/Umbraco.Web.Website/Controllers/SurfaceController.cs#L20)

    Copy Link
  • Rick Nieling - Perplex 5 posts 88 karma points
    Nov 25, 2021 @ 08:52
    Rick Nieling - Perplex
    0

    Ahh i see! Thanks for the insights Patrick!

    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies