We recently started getting an odd error message whenever we edited a page. EPiServers auto save functionality was throwing an error in the console
“POST http://mysite.local/episerver/cms/Stores/contentdata/
500 (Internal Server Error)”.
Further digging into the logs we found this
Here’s the
stack trace:
[InvalidOperationException:
This request has probably been tampered with. Close the browser and try again.]
EPiServer.Framework.Web.AspNetAntiForgery.ThrowForgeryException() +374
EPiServer.Shell.Services.Rest.RestHttpHandler.ProcessRequest(HttpContextBase
httpContext) +109
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
+913
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +165
and
ERROR - 1.2.5 Unhandled exception in ASP.NET
System.InvalidOperationException: This request has probably been tampered with. Close the browser and try again.
at EPiServer.Framework.Web.AspNetAntiForgery.ThrowForgeryException()
at EPiServer.Shell.Services.Rest.RestHttpHandler.ProcessRequest(HttpContextBase httpContext)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
ERROR - Cross-site request forgery detected [Client IP: XX.XX.XX.XX, Referer: http://mysite.local/episerver/CMS/#context=epi.cms.contentdata:///317, Url: http://mysite.local/episerver/cms/Stores/contentversion/, User: UserName]
although, the error that led us to the solution was this little fella
"the required anti-forgery cookie __requestverificationtoken is not present"
<system.web><httpCookies requireSSL="true" /></system.web>
But we were accessing the site with http. So the real underlying error was that last one, “the required anti-forgery cookie __requestverificationtoken is not present”. The site was requesting secure anti-forgery cookies but was getting standard unsecure cookies, thus the tampering exception
The solution, query the site with https or change the setting to requireSSL=”false”
Thanks for sharing, nice post! Post really provice useful information!
ReplyDeleteHương Lâm chuyên cung cấp bán máy photocopy và dịch vụ cho thuê máy photocopy giá rẻ, uy tín TP.HCM với dòng máy photocopy toshiba và dòng máy photocopy ricoh uy tín, giá rẻ.
good...this is offline SEO
ReplyDeleteActually no matter if someone doesn't be aware of after that its up to other users that they will help, so here it takes place.
ReplyDelete섯다
고스톱
Hi there excellent blog! Does running a blog like this take a lot of work?
ReplyDeleteI’ve very little knowledge of coding but I was hoping to start my own blog in the near future.
Anyways, should you have any ideas or techniques for new blog owners please share.
I know this is off subject nevertheless I simply wanted to ask.
Thank you!
스포츠토토
스포츠토토
Hi there, I found your blog by the use of Google while looking for a related subject, your site came up, it appears good. I've bookmarked it in my google bookmarks.
ReplyDelete성인웹툰
일본야동
Attractive component of content. I just stumbled upon your site and in accession capital to claim that I acquire actually enjoyed account your blog posts. Anyway I will be subscribing for your feeds or even I success you access consistently quickly.
ReplyDelete안전놀이터
토토사이트