Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Feitern 6 posts 56 karma points
    May 20, 2014 @ 14:59
    Feitern
    0

    Bulk publish error, anti-forgery token missing

    Hello everyone! I've googled all of the internets, but found nothing so I'd really appreciate any help with this.

    I'm working with an Umbraco 6.1.6 site where the bulk publishing from the GUI does not work. When trying to publish by right clicking a node in the content tree and selecting publish, the BulkPublish service responds with a 500:

    The required anti-forgery form field "__RequestVerificationToken" is not present.

    Checking the request, there is a cookie called __RequestVerificationToken so the token is there, but for some reason not recognized. I've compared the request to one in a fresh install that works and they look exactly the same. Does anyone have any clue what might have caused this? I did not build the site from the start so I don't know when it first stopped working.

    Cheers

  • Jan Skovgaard 11280 posts 23678 karma points MVP 11x admin c-trib
    May 20, 2014 @ 21:09
    Jan Skovgaard
    0

    Hi Feitern

    How many documents are you trying to bulk upload? Does it make a different it it's 1 or 100 nodes?

    /Jan

  • Feitern 6 posts 56 karma points
    May 21, 2014 @ 09:23
    Feitern
    0

    Hi Jan, it fails on a single document as well as a thousand. I've attached the stack trace. I don't know umbraco well enough to tell, but should MVC be involved in this request at all? I should add that the site is heavily customized, probably first built as an MVC4 site and then moved to umbraco, so there are custom routes all over the place. I'm thinking that might interfere with the admin GUI somehow but I'm not sure.

    [HttpAntiForgeryException]: The required anti-forgery form field "__RequestVerificationToken" is not present.
       at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken)
       at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext)
       at System.Web.Helpers.AntiForgery.Validate()
       at System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext)
       at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor)
       at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.<BeginInvokeAction>b__1e(AsyncCallback asyncCallback, Object asyncState)
       at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
       at System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, String actionName, AsyncCallback callback, Object state)
       at System.Web.Mvc.Controller.<>c__DisplayClass1d.<BeginExecuteCore>b__17(AsyncCallback asyncCallback, Object asyncState)
       at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
       at System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state)
       at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
       at System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state)
       at System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state)
       at System.Web.Mvc.MvcHandler.<>c__DisplayClass8.<BeginProcessRequest>b__2(AsyncCallback asyncCallback, Object asyncState)
       at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
       at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state)
       at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, AsyncCallback callback, Object state)
       at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
       at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
    
  • Feitern 6 posts 56 karma points
    May 22, 2014 @ 10:11
    Feitern
    0

    I've looked at the source code for the BulkPublishController and I cannot understand why it's running the anti forgery validation. It's my understanding that it should be run when an action is decorated with a ValidateAntiForgeryTokenAttribute but the PublishDocument method isn't.

  • Feitern 6 posts 56 karma points
    May 22, 2014 @ 10:23
    Feitern
    100

    Heureka! I found this line in a start up handler, probably from when the site was a pure MVC application:

    FilterProviders.Providers.Add(new AntiForgeryTokenFilterProvider());
    

    Removing it solved the problem.

Please Sign in or register to post replies

Write your reply to:

Draft