Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Levente Kosa 136 posts 352 karma points
    Feb 10, 2020 @ 15:28
    Levente Kosa
    0

    The required anti-forgery cookie "__RequestVerificationToken" is not present.

    Hi,

    When debug is false in web.config I get this message on my website.

    <compilation defaultLanguage="c#" debug="false" batch="true" targetFramework="4.7.2" numRecompilesBeforeAppRestart="50" />

    Error: The required anti-forgery cookie "__RequestVerificationToken" is not present.

    Any idea, suggestion? I also have a membership login page before my website. It somehow connects, because without the login restriction everything is fine, even with debug=true value.

    Copy Link
  • HeKampeon 2 posts 72 karma points
    Aug 31, 2020 @ 18:39
    HeKampeon
    0

    Hi Levente,

    I'm facing this problem. Did you solve this?

    Regards

    Copy Link
  • Dee 118 posts 338 karma points
    Sep 01, 2020 @ 08:37
    Dee
    0

    Are you trying to submit a form or call a surface controller action? What is the context of this issue exactly and when does this popup?

    Copy Link
  • HeKampeon 2 posts 72 karma points
    Sep 01, 2020 @ 16:07
    HeKampeon
    0

    Thanks Levente,

    It was a surface controller but i already find the solution. In my case i had a CachedPartial with my login modal and when i change it to renderPartial this problem disapear.

    Copy Link
  • Warren Harding 132 posts 275 karma points
    Mar 17, 2021 @ 07:12
    Warren Harding
    0

    I'm getting this error on Umbraco 8 as well (8.11 and 8.12) debug true or false for compilation - same thing

    __RequestVerificationToken is being passed through in the query paramenters and if I comment out [ValidateAntiForgeryToken] in the SurfaceController action it works fine... but that's not ideal.

    Has anyone had any luck with this one?

    Copy Link
  • Dave Woestenborghs 3504 posts 12135 karma points MVP 9x admin c-trib
    Mar 17, 2021 @ 07:41
    Dave Woestenborghs
    0

    Hi Warren,

    Are you caching the rendering of the form somehow ? If so, than the verification token will be cached as well. Verification tokens have a limited lifetime.

    Dave

    Copy Link
  • Warren Harding 132 posts 275 karma points
    Mar 17, 2021 @ 08:05
    Warren Harding
    0

    Thanks Dave and no, there's no cache at all - the form is directly in the Umbraco View Page.

    Copy Link
  • Dave Woestenborghs 3504 posts 12135 karma points MVP 9x admin c-trib
    Mar 17, 2021 @ 08:10
    Dave Woestenborghs
    0

    Hi Warren,

    I just saw you mentioned query parameters. Are you sending the form with a POST or a GET request ?

    Dave

    Copy Link
  • Warren Harding 132 posts 275 karma points
    Mar 17, 2021 @ 09:57
    Warren Harding
    0

    something like this:

    using (Html.BeginUmbracoForm("Action", "Controller", null, new { @id = "someIdThingo", @class = "form-validation position-relative", @novalidate = "novalidate" }, FormMethod.Post))
{
    @Html.AntiForgeryToken()
    @Html.HiddenFor(x => formModel.Id)
    ...
}

    I've also created a test c# mvc project on 4.7.2 as well and that works fine. I copied over as much of the web.config as I could from Umbraco too.

    These views and controllers are essentially the same as working Umbraco 7 versions that have been moved over to Umbraco 8 projects which all have this issue.

    Copy Link
  • Dave Woestenborghs 3504 posts 12135 karma points MVP 9x admin c-trib
    Mar 17, 2021 @ 11:06
    Dave Woestenborghs
    0

    Hi Warren,

    Are you running your website under https or not ?

    That could problems with this config setting in the web.config

    <httpCookies requireSSL="true" />

    If that is set to true, and you are not running SSL than you have issues. And probably the other way around as well.

    Dave

    Copy Link
  • Warren Harding 132 posts 275 karma points
    Mar 17, 2021 @ 11:41
    Warren Harding
    0

    Thanks again - yep I have that... actually here's most of the relevant parts of the web.config

    enter image description here enter image description here enter image description here enter image description here

    Copy Link
  • Dave Woestenborghs 3504 posts 12135 karma points MVP 9x admin c-trib
    Mar 17, 2021 @ 13:31
    Dave Woestenborghs
    0

    Hi Warren,

    Could you disable the rewrite url to see if that is the issue ?

    Dave

    Copy Link
  • Warren Harding 132 posts 275 karma points
    Mar 17, 2021 @ 22:31
    Warren Harding
    0

    Tried commenting them out, reload, still the same result...

    Copy Link
  • Dave Woestenborghs 3504 posts 12135 karma points MVP 9x admin c-trib
    Mar 18, 2021 @ 09:07
    Dave Woestenborghs
    0

    Hi Warren,

    I'm running out of ideas here.

    Could you check if you view the page that the request verifcation is set ? Could be that something is blocking your cookie from being set.

    Dave

    Copy Link
  • Warren Harding 132 posts 275 karma points
    Mar 18, 2021 @ 21:08
    Warren Harding
    0

    Thanks Dave - me too! It's got me stuffed.. Yes, the __RequestVerificationToken is definitely there in the form elements in the front-end and it's being posted in the request parameters.

    Copy Link
  • Dave Woestenborghs 3504 posts 12135 karma points MVP 9x admin c-trib
    Mar 19, 2021 @ 07:59
    Dave Woestenborghs
    0

    Hi Warren,

    There should also be a cookie written, besides the hidden form field. Can you check that ?

    Dave

    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies