417 Missing token suddenly occurring on all our sites
We have several Umbraco sites that have been working fine, then on Monday (15th May) clients on various sites starting reporting that they were seeing no content on login.
Checking it out, it is returning 417 Missing Token on various services on login; an F5 will make everything work.
It is consistent every time; log in, nothing works, F5, everything works.
Seems to be a common error but with various causes; I have cleared cookies, restarted site, no dice. Reproducible every time.
The initial login sends a UMB_UCONTEXT cookie (and my app cookie for site users).
The F5 sends that + cookies XSRF-TOKEN and XSRF-V, and extra header X-XSRF-TOKEN.
Replaying the requests in the object inspector will reliably give the same results, so clearly it is the headers that are causing the problem.
Any ideas how to fix? And why it's suddenly started happening?
Same issue.... I don't have the option to upgrade but I would prefer a fix?? Is this something Umbraco have done or something that had been caused by a change?
And made a small change in AuthenticationController from Umbraco.Web project
1) Deleted SetAngularAntiForgeryTokens attribute from PostLogin method
2) Added new private method (in fact just copied piece of code from SetAngularAntiForgeryTokensAttribute)
private void ValidateCookies(HttpContextBase context) {
if (context.Request.Cookies.Get(AngularAntiForgeryHelper.AngularCookieName) != null
&& context.Request.Cookies.Get(AngularAntiForgeryHelper.CsrfValidationCookieName) != null)
{
return;
}
string cookieToken, headerToken;
AngularAntiForgeryHelper.GetTokens(out cookieToken, out headerToken);
var angularCookie = new HttpCookie(AngularAntiForgeryHelper.AngularCookieName, headerToken)
{
Path = "/",
//must be js readable
HttpOnly = false,
Secure = GlobalSettings.UseSSL
};
var validationCookie = new HttpCookie(AngularAntiForgeryHelper.CsrfValidationCookieName, cookieToken)
{
Path = "/",
HttpOnly = true,
Secure = GlobalSettings.UseSSL
};
context.Response.Cookies.Add(angularCookie);
context.Response.Cookies.Add(validationCookie);
}
3) Use this method from PostLogin method (just before return)
...
ValidateCookies(http.Result);
return result;
So it looks like something wrong with cookies when we set it from ActionFIlter. It simply does not return cookies in response.
Briefly tested it on two different websites and it looks fine now. I can log in and there isn't broken token errors. Maybe it breaks something else so I will make more tests
Please let me know if somebody find another solution.
I am facing the same issue with Umbraco version 7.1.4 assembly: 1.0.5261.28127 from 15 th May.
Not able to find the below files in umbraco folder :
umbraco/backoffice/UmbracoApi/UpdateCheck/GetCheck Failed to load resource: the server responded with a status of 417 (Missing token)
umbraco/backoffice/UmbracoApi/Section/GetSections Failed to load resource: the server responded with a status of 417 (Missing token)
umbraco/backoffice/UmbracoApi/Dashboard/GetDashboard?section=content Failed to load resource: the server responded with a status of 417 (Missing token)
umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds Failed to load resource: the server responded with a status of 417 (Missing token)
Also I don't have backoffice folder in the installed umbraco site folder.
we have facing the same issue with Umbraco version 7.1.4 assembly: 1.0.5261.28127
when we login to umbraco; get blank frames from left side. Left menu is completely empty because of error that show in console(please see the image).
If we reload(press F5) the page it works fine.It is consistent every time; log in, nothing works, F5, everything works.
we also try to clear cookies and caches of browser. But still issue remain same.
Is this something Umbraco have done or something that had been caused by a change?
we get the following errors in the backoffice.
Failed to load resource: the server responded with a status of 417
/umbraco/backoffice/UmbracoApi/UpdateCheck/GetCheck
Failed to load resource: the server responded with a status of 417 (Missing token)
/umbraco/backoffice/UmbracoApi/Section/GetSections
Failed to load resource: the server responded with a status of 417 (Missing token)
/umbraco/backoffice/UmbracoApi/Dashboard/GetDashboard?section=content
Failed to load resource: the server responded with a status of 417 (Missing token)
/umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds
Failed to load resource: the server responded with a status of 417 (Missing token) angular.min.js:106 POST
/umbraco/backoffice/UmbracoApi/Authentication/PostLogout 417 (Missing token)
I encountered this issue after upgrading from 7.6.5 to 7.7.6 and signing in with chrome. I've tried deleting the cookies in the past without success, so I tried signing in with a different browser (Firefox in this case) and it worked there. When I came back to chrome and tried logging in again it worked. Haven't tested this thoroughly, as I don't run into this problem often, but might be a workaround for people encountering this issue.
Update: This was working fine on 7.5.7 but then I have upgraded it to 7.13.0 and sadly even though this is the latest release at the moment and was released only this week, I see this exact same problem.
Is there anyone else experiencing the same problem? And any solution please? Thanks in advance.
Update 2: I have created a new bug for this but unfortunately it has been closed almost straight away, saying "we're not able to reproduce on a clean install at the moment.", which basically means it is not Umbraco Developers' problem but it is your problem, even though problem occurs after an Umbraco upgrade. Very disappointing.
This happened to me after an upgrade. Check the umbracoUseSSL setting is true if you're on HTTPS. Delete your cache, TEMP and umbraco.config and restart the site then clear your session and cookies.
Fixed it for me.
UPDATE - No it didn't!
I've isolated the issue to be something on the front end with sessions / cookies. If I open ONLY the backoffice it works perfectly. If I open the front end in another tab then the Umbraco tab instance starts throwing the 417.
I'm looking at cookies and headers to see what's different.
I've had similar issues and have found its the missing ASP.NET session ID cookie. Going straight to the backend, that cookie isn't set and the other cookies don't appear.
Anything relating to clearing cookies, cache etc don't work. Logging in only sets the affinity cookie (if you're on ucloud) and the umbcontext.
Hit the front end, get the session cookie and then go straight to the back end (don't logout/login) and the cookies get set. If you've seen a white screen then it should disappear straight away.
I've just upgraded a large site from 7.15.3 to 7.15.7 and these issues remain.
Selecting a node in the Content tree often results in the results pane showing the loading dots forever. If you do a full browser refresh, both panes load instantly.
Make small change to a page, view the change in the FE, amend the change. When the save and publish is hit for the second time, it displays what my client describes as the "X of Doom" and doesn't update.
417 Missing token suddenly occurring on all our sites
We have several Umbraco sites that have been working fine, then on Monday (15th May) clients on various sites starting reporting that they were seeing no content on login.
Checking it out, it is returning
417 Missing Tokenon various services on login; an F5 will make everything work.It is consistent every time; log in, nothing works, F5, everything works.
Seems to be a common error but with various causes; I have cleared cookies, restarted site, no dice. Reproducible every time.
The initial login sends a
UMB_UCONTEXTcookie (and my app cookie for site users).The F5 sends that + cookies
XSRF-TOKENandXSRF-V, and extra headerX-XSRF-TOKEN.Replaying the requests in the object inspector will reliably give the same results, so clearly it is the headers that are causing the problem.
Any ideas how to fix? And why it's suddenly started happening?
Update: 7.5 works; so we can upgrade if it is not patchable.
I would prefer a fix however.
Hi Rob,
I have seen this issue a few times...
I would suggest just simply upgrading if it is feasible for you. If you manage to find a fix, please post it here for the rest of the community. ;)
Good luck!
Craig
Same issue.... I don't have the option to upgrade but I would prefer a fix?? Is this something Umbraco have done or something that had been caused by a change?
I have the same issue.... Please let community know if somebody find fix
Hi All,
Looks like I found a workaround. I cannot upgrade Umbraco to the latest version so I had to find a solution. For now, I use version 7.2.8
So I downloaded Umbraco sources from here: https://github.com/umbraco/Umbraco-CMS/releases/tag/release-7.2.8
And made a small change in AuthenticationController from Umbraco.Web project
1) Deleted SetAngularAntiForgeryTokens attribute from PostLogin method
2) Added new private method (in fact just copied piece of code from SetAngularAntiForgeryTokensAttribute)
3) Use this method from PostLogin method (just before return)
So it looks like something wrong with cookies when we set it from ActionFIlter. It simply does not return cookies in response.
Briefly tested it on two different websites and it looks fine now. I can log in and there isn't broken token errors. Maybe it breaks something else so I will make more tests
Please let me know if somebody find another solution.
Thanks Ihor
Hi Ihor,
Have you continued to use this fix without any issues?
Are you able to provide the updated DLL files?
Thanks
Hi Josh,
Sorry for delay with answer. You can download umbraco.dll by this link umbraco dll
Thanks
We still have this issue. Surprised no one from Umbraco had come forward to explain why this occurred in the first place
We also have this issue. Can confirm this occurs on multiple versions, up to 7.2.8. More details on our issue here: http://issues.umbraco.org/issue/U4-9873
We think our issue first appeared when migrating to Windows Server 2016.
Have you made any changes to the hosting environment?
Hello All,
I am facing the same issue with Umbraco version 7.1.4 assembly: 1.0.5261.28127 from 15 th May.
Not able to find the below files in umbraco folder :
umbraco/backoffice/UmbracoApi/UpdateCheck/GetCheck Failed to load resource: the server responded with a status of 417 (Missing token)
umbraco/backoffice/UmbracoApi/Section/GetSections Failed to load resource: the server responded with a status of 417 (Missing token)
umbraco/backoffice/UmbracoApi/Dashboard/GetDashboard?section=content Failed to load resource: the server responded with a status of 417 (Missing token)
umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds Failed to load resource: the server responded with a status of 417 (Missing token)
Also I don't have backoffice folder in the installed umbraco site folder.
Help me its urgent.
Thanks in advance. Pradip
Hello All,
we have facing the same issue with Umbraco version 7.1.4 assembly: 1.0.5261.28127
when we login to umbraco; get blank frames from left side. Left menu is completely empty because of error that show in console(please see the image).
If we reload(press F5) the page it works fine.It is consistent every time; log in, nothing works, F5, everything works.
we also try to clear cookies and caches of browser. But still issue remain same.
Is this something Umbraco have done or something that had been caused by a change?
we get the following errors in the backoffice.
Failed to load resource: the server responded with a status of 417 /umbraco/backoffice/UmbracoApi/UpdateCheck/GetCheck
Failed to load resource: the server responded with a status of 417 (Missing token) /umbraco/backoffice/UmbracoApi/Section/GetSections
Failed to load resource: the server responded with a status of 417 (Missing token) /umbraco/backoffice/UmbracoApi/Dashboard/GetDashboard?section=content
Failed to load resource: the server responded with a status of 417 (Missing token) /umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds
Failed to load resource: the server responded with a status of 417 (Missing token) angular.min.js:106 POST /umbraco/backoffice/UmbracoApi/Authentication/PostLogout 417 (Missing token)
Anyone has an solution to this problem?
Umbraco 7.2.8 -- Server 2012 sp1
removing KB4014604 fixed the issue for us
Can anyone confirm that this works in 7.5, with KB4014604 installed?
An update on this:
I have a solution on 7.3.1 that is not affected, also solutions on 7.4 and 7.5 without problems.
So if you need to upgrade, you don't necessarily need to go all the way up :)
I had this issue on 7.6.3 when I changed the web.config to umbracouseSSL to true. I found clearing my cookies then logging back in fixed the issue.
Update: this happened again to us after installing Windows updates on Server 2012 R2. Our Umbraco 7.2.8 back office broke with the 417 errors again.
I ended up using the recompiled umbraco.dll from above to fix the issue.
I encountered this issue after upgrading from 7.6.5 to 7.7.6 and signing in with chrome. I've tried deleting the cookies in the past without success, so I tried signing in with a different browser (Firefox in this case) and it worked there. When I came back to chrome and tried logging in again it worked. Haven't tested this thoroughly, as I don't run into this problem often, but might be a workaround for people encountering this issue.
Update: This was working fine on 7.5.7 but then I have upgraded it to 7.13.0 and sadly even though this is the latest release at the moment and was released only this week, I see this exact same problem.
Is there anyone else experiencing the same problem? And any solution please? Thanks in advance.
Update 2: I have created a new bug for this but unfortunately it has been closed almost straight away, saying "we're not able to reproduce on a clean install at the moment.", which basically means it is not Umbraco Developers' problem but it is your problem, even though problem occurs after an Umbraco upgrade. Very disappointing.
This happened to me after an upgrade. Check the umbracoUseSSL setting is true if you're on HTTPS. Delete your cache, TEMP and umbraco.config and restart the site then clear your session and cookies.
Fixed it for me.
UPDATE - No it didn't!
I've isolated the issue to be something on the front end with sessions / cookies. If I open ONLY the backoffice it works perfectly. If I open the front end in another tab then the Umbraco tab instance starts throwing the 417.
I'm looking at cookies and headers to see what's different.
UPDATE2 - Found it to be a third party cookie tool on the front end killing the UMB-XSRF-TOKEN token cookie. https://github.com/umbraco/Umbraco-CMS/issues/4138
I've had similar issues and have found its the missing ASP.NET session ID cookie. Going straight to the backend, that cookie isn't set and the other cookies don't appear.
Anything relating to clearing cookies, cache etc don't work. Logging in only sets the affinity cookie (if you're on ucloud) and the umbcontext.
Hit the front end, get the session cookie and then go straight to the back end (don't logout/login) and the cookies get set. If you've seen a white screen then it should disappear straight away.
Thank you for that fix, it worked for me with one of our clients as well.
I filed an issue here: https://github.com/umbraco/Umbraco-CMS/issues/9696
I'm planning to have look at doing a PR, but won't have time for a couple of weeks.
I have the same issue....thanks for this discussion.
I've just upgraded a large site from 7.15.3 to 7.15.7 and these issues remain.
In the Chrome console I see https://ww.mysite.com/umbraco/backoffice/UmbracoApi/Content/PostSave 417 and https://play.google.com/log?format=json&hasfast=true&authuser=0 401
I will update if any of the solutions in this thread work.
UPDATE This fixed it form me: https://github.com/umbraco/Umbraco-CMS/issues/4138#issuecomment-740489174
is working on a reply...