Asp.net core 2 + Antiforgery: all POST endpoints return 400 Bad Request #3027
Comments
From this sentence, it sounds like the antiforgery error message isn't appearing any more. Can you clarify what problem you are having now? |
All POST endpoints in my app return I just created an empty app ( Regarding the antiforgery error message, it's not appearing any more but I still have the feeling something is wrong there. I set
Also when hitting the POST endpoints and creating the 400's. This also doesn't seem right, correct? Given I have set the loglevel to (Almost dinner time here in the Netherlands. Will reply later tonight...) |
@natemcmaster Can I provide additional information to clarify? |
I also tried persisting the key to the filesystem to a mounted volume on the docker host. However, I am running into this issue. |
Thanks for clarifying. @mkArtakMSFT or @rynowak - looks like antiforgery issue. Could be a misconfiguration of the app or browser, but I'm not sure as antiforgery is not my forte. Re: #2941 - if you have repro steps, please feel free to comment on that issue. We closed it because we don't have enough info to investigate, and it appeared to be an issue in .NET Core with System.IO on certain hardware. |
I think this bug is real; I've seen too many bugs in kestrel where I/O errors get reported as other nonsense rather than bubbling up as the I/O errors they are and turning into 5xx HTTP error codes. |
@natemcmaster @mkArtakMSFT @rynowak Thank you for looking into this. If this is a proper bug I am eager to provide more info in order to solve it as my project is halted due to this. Let me know what you need. |
For anyone else stumbling onto this issue, this was the root of the problem. |
I have the same problem |
Thanks for contacting us, @Corstiaan84. |
@MrComic Your issue is different than the one expressed by @Corstiaan84. Regarding mixing pages and API endpoints on the same application:
|
Closing this as there's no more action to be taken here. |
https://stackoverflow.com/questions/50064246/asp-net-core-razor-ajax-post-400-bad-request This link helped me solve the same problem. Attention to:
services.AddAntiforgery(x => x.HeaderName = "X-XSRF-TOKEN");
beforeSend: function (xhr) {
    xhr.setRequestHeader("X-XSRF-Token",
        $('input:hidden[name="__RequestVerificationToken"]').val());
}, |
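The same client-side step without jQuery, as an added example that is not part of the thread or of the ASP.NET Core project: it attaches the token only to state-changing, same-origin requests so the value is never sent to another site. The header and field names come from the comment above; `readTokenFromForm`, `antiforgeryHeaders`, `postJson` and the origins used in testing are hypothetical.

```javascript
// Added example. HEADER_NAME must match services.AddAntiforgery(x => x.HeaderName = ...).
const HEADER_NAME = "X-XSRF-TOKEN";
const FIELD_NAME = "__RequestVerificationToken"; // hidden input rendered into the page's form
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]); // read-only, no token needed

// Read the token from the hidden input; `doc` is the browser `document`.
function readTokenFromForm(doc) {
  const input = doc.querySelector(`input[type="hidden"][name="${FIELD_NAME}"]`);
  return input ? input.value : null;
}

// Return the extra headers a request needs. Hypothetical helper, not a framework API.
function antiforgeryHeaders(method, url, pageOrigin, token) {
  const headers = {};
  if (SAFE_METHODS.has(String(method).toUpperCase())) return headers;

  // Resolve relative and protocol-relative URLs against the page before comparing origins.
  let target;
  try {
    target = new URL(url, pageOrigin);
  } catch {
    return headers; // unparseable URL: add nothing
  }
  if (target.origin !== new URL(pageOrigin).origin) return headers; // never leak the token cross-origin

  // Fail early on the client instead of sending a POST the server will refuse.
  if (!token) throw new Error("antiforgery token not found on page");
  headers[HEADER_NAME] = token;
  return headers;
}

// Browser usage: POST JSON with the antiforgery cookie and the matching header.
async function postJson(url, body) {
  const token = readTokenFromForm(document);
  const headers = antiforgeryHeaders("POST", url, window.location.origin, token);
  headers["Content-Type"] = "application/json";
  return fetch(url, { method: "POST", credentials: "same-origin", headers, body: JSON.stringify(body) });
}
```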
I have an asp.net core 2.1.4 app with a custom IXmlRepository to store the app keys using ef core + postgres. I deploy the app using Docker.
Everything deploys and runs fine except that all POST requests return a 400 Bad Request response when running in Production. All is fine in Development.
The problem is related to the setup of the antiforgery/dataprotection settings, I think.
This is my Startup.cs where I configure the DataProtection and Antiforgery stuff. I have redacted it minimally, just in case some other settings might be interfering.
This is my ef core IXmlRepository implementation:
At an earlier stage the logs told me this:
But this error disappeared when I tweaked the postgres settings for the IXmlRepository.
Just in case, this is my Dockerfile:
Looking forward to hearing your thoughts. Thanks!