Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Alex Andersen 4 posts 74 karma points
    Nov 14, 2021 @ 09:01
    Alex Andersen
    0

    Required antiforgery header value "X-UMB-XSRF-TOKEN" not present - Umbraco backoffice

    Using Umbraco 9.0.1

    Our editors experience very often content not loading in the backoffice. The console shows

    Failed to load resource: the server responded with a status of 417 (The required antiforgery header value "X-UMB-XSRF-TOKEN" is not present.)
    

    I tried reading everything I could find, both on our and github. So far, no solution.

    By hitting Refresh (and loosing any edits made), the content loads normally again, only to fail after short time. Only package installed is Umbraco Forms (valid license).

    Do I miss something? Any help apreciated.

    Thanks

  • Marc Goodson 2157 posts 14431 karma points MVP 9x c-trib
    Nov 14, 2021 @ 11:16
    Marc Goodson
    0

    Hi Alex

    This may not be the answer specifically for V9, but have seen this a lot recently because of people putting Cookie permission plugins on the front ends of the site.

    Editor logs into Umbraco all fine, then previews or visits front end of site, and doesn't accept the cookies, which then wipes the backoffice cookies, when they return to edit something they get the 417 error which is related to the cookie going missing!

    If this is the case here, then you need to add the Umbraco backoffice cookies to an 'ignored' or strictly necessary list in the cookie management plugin.

    UMBUPDCHK, UMBUCONTEXT, UMB-XSRF-V, UMB-XSRF-TOKEN, UMBUCONTEXTC, UMB_PREVIEW

    But if that's not the setup with your site, then your looking for something else that might be corrupting the backoffice cookies...

    regards

    Marc

  • Arjan H. 226 posts 463 karma points c-trib
    Feb 25, 2022 @ 15:14
    Arjan H.
    0

    I'm experiencing a similar issue on 9.3.1:

    https://github.com/umbraco/Umbraco-CMS/issues/12060

    Did you manage to find the culprit? I'm not using any cookie blocking/removal scripts on the front end of the website.

Please Sign in or register to post replies

Write your reply to:

Draft