Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Henrik Sunesen 84 posts 281 karma points
    Oct 22, 2021 @ 11:42
    Henrik Sunesen
    0

    Status Code: 400 on form submit

    Umbraco 9
    Umbraco 9

    Hi all!

    i'm getting a HTTP 400, when i'm trying to submit a form.

    My form markup is equal to the one in the documentation: https://our.umbraco.com/documentation/Fundamentals/Code/Creating-Forms/

    the method i'm trying to call is: 

    [HttpPost] 
 public IActionResult SubmitCaseSearch(CaseSearchForm form)
    {
            // Do some magic
            return CurrentUmbracoPage();
}

    I hope someone can help me here.

    Copy Link
  • Frank Laumann 39 posts 303 karma points
    Oct 22, 2021 @ 12:53
    Frank Laumann
    0

    Hi Henrik

    Have you change the markup to call SubmitCaseSearch instead of submit?

    Other than that I don't see any problems.

    Best regards Frank

    Copy Link
  • Henrik Sunesen 84 posts 281 karma points
    Oct 22, 2021 @ 13:01
    Henrik Sunesen
    0

    Hi Frank,

    Yes, my form looks like this:

     @using (Html.BeginUmbracoForm<SearchController>(nameof(SearchController.SubmitCaseSearch)))
{
  @Html.AntiForgeryToken()
 //Form fields
}

    I can see that people are talking about issues, with POST, antiforgery token and surface controllers in umbraco 9.

    https://github.com/umbraco/UmbracoDocs/issues/3242

    I've just tied removing: 

     @Html.AntiForgeryToken()

    From the form, and now it works :)

    Copy Link
  • Frank Laumann 39 posts 303 karma points
    Oct 22, 2021 @ 13:05
    Frank Laumann
    0

    Maybe you need this tag [ValidateAntiForgeryToken] for the AntiForgeryToken to work

    Copy Link
  • Henrik Sunesen 84 posts 281 karma points
    Oct 25, 2021 @ 06:35
    Henrik Sunesen
    0

    That does not work out :/

    It's still giving me the 404 when i using:

    @Html.AntiForgeryToken() in the view, and [ValidateAntiForgeryToken] in the controller.

    Copy Link
  • Henrik Sunesen 84 posts 281 karma points
    Oct 25, 2021 @ 07:25
    Henrik Sunesen
    0

    It looks like .core automaticly adds the AntiForgeryToken:

    Here is the sourcecode without: @Html.AntiForgeryToken() and [ValidateAntiForgeryToken]

    https://www.screencast.com/t/kMZf3SHB1VFD

    Copy Link
  • Frank Laumann 39 posts 303 karma points
    Oct 25, 2021 @ 07:28
    Frank Laumann
    0

    Is the name of the Token (input) the same if you use @Html.AntiForgeryToken() ?

    Copy Link
  • Henrik Sunesen 84 posts 281 karma points
    Oct 25, 2021 @ 08:56
    Henrik Sunesen
    0

    Yes, the name attribute is identical with and withour the @Html.AntiForgeryToken()

    (name="__RequestVerificationToken")

    Copy Link
  • Stefan 3 posts 24 karma points
    Nov 02, 2021 @ 09:09
    Stefan
    0

    try use the following:

    adding the [FromForm]

     [HttpPost] 
 public IActionResult SubmitCaseSearch([FromForm] CaseSearchForm form)
  {
            // Do some magic
            return CurrentUmbracoPage();
  }
    Copy Link
  • Henrik Sunesen 84 posts 281 karma points
    Nov 03, 2021 @ 06:52
    Henrik Sunesen
    0

    No, Stefan that did not help solving my issue :(

    Copy Link
  • Rick Nieling - Perplex 5 posts 88 karma points
    Nov 25, 2021 @ 08:27
    Rick Nieling - Perplex
    0

    Hi Henrik,

    Did you ever find the solution to this? I am running into the same problem.

    I have a very basic form and surface controller, and without the antiforgery token they work perfectly. But when i include @Html.AntiForgeryToken() in the form i get a "status code 400: bad request" error. The entire surface controller method wont be executed and debug breakpoints in the method wont be reached.

    Perhaps it's a more general asp.net core 5 setting? When googling this issue i came across the following document. It seems that only adding [AutoValidateAntiforgeryToken] for basic post requests seems enough, without explicitly adding @Html.AntiForgeryToken() in the html form.

    Can anyone explain how this works exactly?

    https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-5.0

    Copy Link
  • Patrick de Mooij 72 posts 622 karma points MVP 3x c-trib
    Nov 25, 2021 @ 08:33
    Patrick de Mooij
    0

    Hi Rick, I think this is because Umbraco automatically adds a AntiForgeryToken for you to the form. If you also have the @Html.AntiForgeryToken, then it'll suddenly have two tokens which causes issues.

    If you remove your @Html.AntiForgeryToken and then take a look at your HTML, you'll see that an AntiForgeryToken has already been added as an input.

    Copy Link
  • Rick Nieling - Perplex 5 posts 88 karma points
    Nov 25, 2021 @ 08:37
    Rick Nieling - Perplex
    0

    Hi Patrick,

    Yes, an element with the name="__RequestVerificationToken" has been added to the HTML.

    So what would be the correct method for checking this token in the controller? [ValidateAntiForgeryToken] or[AutoValidateAntiforgeryToken]? Or something else entirely?

    Copy Link
  • Patrick de Mooij 72 posts 622 karma points MVP 3x c-trib
    Nov 25, 2021 @ 08:39
    Patrick de Mooij
    1

    You don't have to do anything with it. If you look at the SurfaceController source code, you can see that there is already a [AutoValidateAntiforgeryToken] attribute on the whole class that'll validate it for you (https://github.com/umbraco/Umbraco-CMS/blob/v9/contrib/src/Umbraco.Web.Website/Controllers/SurfaceController.cs#L20)

    Copy Link
  • Rick Nieling - Perplex 5 posts 88 karma points
    Nov 25, 2021 @ 08:52
    Rick Nieling - Perplex
    0

    Ahh i see! Thanks for the insights Patrick!

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft