Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Empty or invalid anti forgery header token

See original GitHub issue

https://aspnetboilerplate.com/Pages/Documents/XSRF-CSRF-Protection#non-browser-clients

I upgraded from 5 -> 7 recently, and one of our endpoints (which is used by just an API client system, no browser) is broken and throwing this error in the log:

WARN  2022-01-31 16:46:23,317 [16   ] rity.AntiForgery.AbpAntiForgeryApiFilter - Empty or invalid anti forgery header token.
WARN  2022-01-31 16:46:23,317 [16   ] rity.AntiForgery.AbpAntiForgeryApiFilter - Requested URI: http://192.168.128.172/api/services/Project/csvHook/Check

I added the [DisableAbpAntiForgeryTokenValidation] to the interface method and it works now, but still, the system was working before and now doesn’t (I was executing the API endpoint from the swagger pages)

Issue Analytics

State:
Created 2 years ago
Comments:22 (22 by maintainers)

Top GitHub Comments

1reaction

worthy7commented, Feb 8, 2022

I see, there is indeed an error in my console that it cannot get the injected script. perhaps the way it works have changed between 5-7 and I need to reinstall/config swagger.

0reactions

acjhcommented, Feb 9, 2022

I could not reproduce this issue on ASP.NET Core (nor ASP.NET MVC 5), so I doubt ASP.NET Core does that.

Also, @<span></span>worthy7 is asking about ABP on ASP.NET MVC 5.