Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Björn 18 posts 158 karma points
    Jun 18, 2019 @ 10:26
    Björn
    0

    Umbraco forms error: anti-forgery cookie token and form field token do not match

    Hi, I've built a site using Umbraco 8 which uses Umbraco forms, Umbraco V 8.0.2 and forms V 8.1.1. When trying to submit a form, I recieve this error message:

    The anti-forgery cookie token and form field token do not match.
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 
    
    Exception Details: System.Web.Mvc.HttpAntiForgeryException: The anti-forgery cookie token and form field token do not match.
    
    Source Error: 
    
    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
    
    Stack Trace: 
    
    
    [HttpAntiForgeryException (0x80004005): The anti-forgery cookie token and form field token do not match.]
       System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken) +554
       System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext) +71
       System.Web.Helpers.AntiForgery.Validate() +92
       Umbraco.Forms.Core.Attributes.ValidateFormsAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext) +156
       System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) +97
       System.Web.Mvc.Async.<>c__DisplayClass3_1.<BeginInvokeAction>b__0(AsyncCallback asyncCallback, Object asyncState) +640
       System.Web.Mvc.Async.WrappedAsyncResult`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +14
       System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +128
       System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, String actionName, AsyncCallback callback, Object state) +346
       System.Web.Mvc.<>c.<BeginExecuteCore>b__152_0(AsyncCallback asyncCallback, Object asyncState, ExecuteCoreState innerState) +27
       System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +30
       System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +128
       System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state) +494
       System.Web.Mvc.<>c.<BeginExecute>b__151_1(AsyncCallback asyncCallback, Object callbackState, Controller controller) +16
       System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +20
       System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +128
       System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state) +403
       System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state) +16
       System.Web.Mvc.<>c.<BeginProcessRequest>b__20_0(AsyncCallback asyncCallback, Object asyncState, ProcessRequestState innerState) +54
       System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +30
       System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +128
       System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state) +412
       System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, AsyncCallback callback, Object state) +48
       System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData) +16
       System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +444
       System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +132
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +163
    

    What's the reason for this error? Also, wWhen I check the HTML, the forms action is set to a page that exists in the backoffice but in the form workflow the user should be redirected to another page called Tack!:

    <form action="/anslagstavla/"...
    

    enter image description here

    If I go into the backoffice, saves the form and re-publish the page, the form is working fine on my computer but on another computer I receive the same error, even though I refresh the page with ctrl+F5. Any ideas?

  • Yakov Lebski 591 posts 2347 karma points
    Jun 19, 2019 @ 21:16
    Yakov Lebski
    0

    How many servers do you have?
    If you have more than one server - you should verify that the same machine key defined in web.config

  • Kevin T Reynolds 15 posts 158 karma points
    Jun 27, 2019 @ 21:01
    Kevin T Reynolds
    0

    @Bjorn did you ever resolve this?

  • Björn 18 posts 158 karma points
    Aug 30, 2019 @ 11:32
    Björn
    0

    We believe it's a bug in Umbraco 8 with the cache of macros in the rte. We sent an issue to Umbraco HQ but haven't heard since. In Umbraco 8 there is a new field called Form picker and when using that one there's no problem. Another way to solve it was to set EnableAntiForgeryToken to false instead of true in UmbracoForms.config. It makes your inbox more vulnerable to spam however.

  • Jeremy Robson 1 post 72 karma points
    Dec 17, 2019 @ 08:51
    Jeremy Robson
    1

    we saw this too, problems if the form is rendered as embedded in an RTE with Umbraco 8 - IE11 didnt see the token at all, and quite random errors with token on other browsers, try using a form picker control instead and render directly in razor template

        @if (Model.FormPicker != null)
        {
            var g = new Guid(Model.FormPicker.ToString());
    
            @Umbraco.RenderMacro("renderUmbracoForm", new { FormGuid = g, FormTheme = "MY_SITE_THEME", ExcludeScripts = "0" })
    
        }
    
Please Sign in or register to post replies

Write your reply to:

Draft