Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Don't send empty anti forgery header.

See original GitHub issue

Abp v1.0

Hi,

Abp sends X-XSRF-TOKEN after disable validation, this causes a problem with cross-site requests (with vimeo, for example) because this header is not allowed in CORS request for vimeo.

There is a way to avoid send this header for a particular ajax request?

Thanks,

Issue Analytics

State:
Created 7 years ago
Comments:6 (4 by maintainers)

Top GitHub Comments

1reaction

hikalkancommented, Oct 26, 2016

You can delete that code after v1.1 release, since it will not send empty header anymore.

0reactions

thiagoburgocommented, Oct 26, 2016

Ok,

AspNet 5.x

Top Results From Across the Web

Empty or invalid anti forgery header token · Issue #6370

I don't actually know what request our service is making, but I do know that manually pressing "Try it now" on the swagger...

jquery - The required anti-forgery form field ...

For some reason when I try to do this post I get this error: "The required anti-forgery form field "__RequestVerificationToken" is not present."....

Anti-forgery token and anti-forgery cookie related issues

Anti -forgery token is used to prevent CSRF (Cross-Site Request Forgery) attacks. Here is how it works in high-level.

400 Empty or invalid anti forgery header token #5335

Hi, I'm using MVC5AJ1. I'm trying to send request by using Postman with following the ...

Send and validate an ASP.NET AntiForgeryToken as a ...

We'll need to create a custom attribute that will specifically look in the request headers for our anti-forgery token. using System;. using System.Collections....