Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Levente Kosa 136 posts 352 karma points
    Feb 10, 2020 @ 15:28
    Levente Kosa
    0

    The required anti-forgery cookie "__RequestVerificationToken" is not present.

    Hi,

    When debug is false in web.config I get this message on my website.

    <compilation defaultLanguage="c#" debug="false" batch="true" targetFramework="4.7.2" numRecompilesBeforeAppRestart="50" />

    Error: The required anti-forgery cookie "__RequestVerificationToken" is not present.

    Any idea, suggestion? I also have a membership login page before my website. It somehow connects, because without the login restriction everything is fine, even with debug=true value.

    Copy Link
  • HeKampeon 2 posts 72 karma points
    Aug 31, 2020 @ 18:39
    HeKampeon
    0

    Hi Levente,

    I'm facing this problem. Did you solve this?

    Regards

    Copy Link
  • Dee 118 posts 338 karma points
    Sep 01, 2020 @ 08:37
    Dee
    0

    Are you trying to submit a form or call a surface controller action? What is the context of this issue exactly and when does this popup?

    Copy Link
  • HeKampeon 2 posts 72 karma points
    Sep 01, 2020 @ 16:07
    HeKampeon
    0

    Thanks Levente,

    It was a surface controller but i already find the solution. In my case i had a CachedPartial with my login modal and when i change it to renderPartial this problem disapear.

    Copy Link
  • Warren Harding 132 posts 275 karma points
    Mar 17, 2021 @ 07:12
    Warren Harding
    0

    I'm getting this error on Umbraco 8 as well (8.11 and 8.12) debug true or false for compilation - same thing

    __RequestVerificationToken is being passed through in the query paramenters and if I comment out [ValidateAntiForgeryToken] in the SurfaceController action it works fine... but that's not ideal.

    Has anyone had any luck with this one?

    Copy Link
  • Dave Woestenborghs 3504 posts 12135 karma points MVP 9x admin c-trib
    Mar 17, 2021 @ 07:41
    Dave Woestenborghs
    0

    Hi Warren,

    Are you caching the rendering of the form somehow ? If so, than the verification token will be cached as well. Verification tokens have a limited lifetime.

    Dave

    Copy Link
  • Warren Harding 132 posts 275 karma points
    Mar 17, 2021 @ 08:05
    Warren Harding
    0

    Thanks Dave and no, there's no cache at all - the form is directly in the Umbraco View Page.

    Copy Link
  • Dave Woestenborghs 3504 posts 12135 karma points MVP 9x admin c-trib
    Mar 17, 2021 @ 08:10
    Dave Woestenborghs
    0

    Hi Warren,

    I just saw you mentioned query parameters. Are you sending the form with a POST or a GET request ?

    Dave

    Copy Link
  • Warren Harding 132 posts 275 karma points
    Mar 17, 2021 @ 09:57
    Warren Harding
    0

    something like this:

    using (Html.BeginUmbracoForm("Action", "Controller", null, new { @id = "someIdThingo", @class = "form-validation position-relative", @novalidate = "novalidate" }, FormMethod.Post))
{
    @Html.AntiForgeryToken()
    @Html.HiddenFor(x => formModel.Id)
    ...
}

    I've also created a test c# mvc project on 4.7.2 as well and that works fine. I copied over as much of the web.config as I could from Umbraco too.

    These views and controllers are essentially the same as working Umbraco 7 versions that have been moved over to Umbraco 8 projects which all have this issue.

    Copy Link
  • Dave Woestenborghs 3504 posts 12135 karma points MVP 9x admin c-trib
    Mar 17, 2021 @ 11:06
    Dave Woestenborghs
    0

    Hi Warren,

    Are you running your website under https or not ?

    That could problems with this config setting in the web.config

    <httpCookies requireSSL="true" />

    If that is set to true, and you are not running SSL than you have issues. And probably the other way around as well.

    Dave

    Copy Link
  • Warren Harding 132 posts 275 karma points
    Mar 17, 2021 @ 11:41
    Warren Harding
    0

    Thanks again - yep I have that... actually here's most of the relevant parts of the web.config

    enter image description here enter image description here enter image description here enter image description here

    Copy Link
  • Dave Woestenborghs 3504 posts 12135 karma points MVP 9x admin c-trib
    Mar 17, 2021 @ 13:31
    Dave Woestenborghs
    0

    Hi Warren,

    Could you disable the rewrite url to see if that is the issue ?

    Dave

    Copy Link
  • Warren Harding 132 posts 275 karma points
    Mar 17, 2021 @ 22:31
    Warren Harding
    0

    Tried commenting them out, reload, still the same result...

    Copy Link
  • Dave Woestenborghs 3504 posts 12135 karma points MVP 9x admin c-trib
    Mar 18, 2021 @ 09:07
    Dave Woestenborghs
    0

    Hi Warren,

    I'm running out of ideas here.

    Could you check if you view the page that the request verifcation is set ? Could be that something is blocking your cookie from being set.

    Dave

    Copy Link
  • Warren Harding 132 posts 275 karma points
    Mar 18, 2021 @ 21:08
    Warren Harding
    0

    Thanks Dave - me too! It's got me stuffed.. Yes, the __RequestVerificationToken is definitely there in the form elements in the front-end and it's being posted in the request parameters.

    Copy Link
  • Dave Woestenborghs 3504 posts 12135 karma points MVP 9x admin c-trib
    Mar 19, 2021 @ 07:59
    Dave Woestenborghs
    0

    Hi Warren,

    There should also be a cookie written, besides the hidden form field. Can you check that ?

    Dave

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft