I had some issues yesterday after getting started using this package. The demo etc. didnt have the token param so i didnt enter anything in it and i couldnt get POST to work. However, even with the @HTML.RenderFormToken nothing got output to the form and POST still didnt work. Only when i put some text in the formtoken did i get POST functioning correctly.
I initially thought the token was the AntiForgery Token but its not - its just to identify the form posting back. I think to avoid confuion this param ought to be called FormName or get rid of it completely and generate a GUID in the FormToken (and get it working / or tell me what ive done wrong) so its not needed to be entered.
I have also then also added the [ValidateAntiForgeryToken] to the controller manually to secure my posts. For people new to MVC this ought to be shown in the docs/demo as best practice to prevent forged requests.
Apart from these issues and a question which il put in another thread - absolute top package! :) Im over the disappointment of 5 and looking forward to getting v4 working using MVC now (MVC was the main reason i wanted v5).
variable initially. My question was did it need to be added as a param - could it not be generated automatically - to stop any errors as mine - or by getting a duplicate form post. If it stays it woould be better called FormID or FormName so it doesnt get confused with the AntiForgeryToken
Use of the Token Param and demo issues
I had some issues yesterday after getting started using this package. The demo etc. didnt have the token param so i didnt enter anything in it and i couldnt get POST to work. However, even with the @HTML.RenderFormToken nothing got output to the form and POST still didnt work. Only when i put some text in the formtoken did i get POST functioning correctly.
I initially thought the token was the AntiForgery Token but its not - its just to identify the form posting back. I think to avoid confuion this param ought to be called FormName or get rid of it completely and generate a GUID in the FormToken (and get it working / or tell me what ive done wrong) so its not needed to be entered.
I have also then also added the [ValidateAntiForgeryToken] to the controller manually to secure my posts. For people new to MVC this ought to be shown in the docs/demo as best practice to prevent forged requests.
Apart from these issues and a question which il put in another thread - absolute top package! :) Im over the disappointment of 5 and looking forward to getting v4 working using MVC now (MVC was the main reason i wanted v5).
Thanks!
Damian
Hi,
your MvcRenderMacro should contain:
You need the 3 parameters in the Umbraco Macro definition.
When you use the macro you should specify the formtoken something like:
hope this helps, otherwise wait for the demo update thats coming.
Cheers
Hi,
I did get it working - i was missing the
formtoken="contactform"
variable initially. My question was did it need to be added as a param - could it not be generated automatically - to stop any errors as mine - or by getting a duplicate form post. If it stays it woould be better called FormID or FormName so it doesnt get confused with the AntiForgeryToken
Thanks!
Damian
I think we could just use the AntiForgeryToken for this.
I think the post methods will not get called when there is no matching AntiForgeryToken
is working on a reply...