Thursday, June 25, 2015

Offline, can not save EPiServer 7.x

We recently started getting an odd error message whenever we edited a page. EPiServers auto save functionality was throwing an error in the console




POST http://mysite.local/episerver/cms/Stores/contentdata/ 500 (Internal Server Error)”.

We searched the internets for some clues about what could be wrong. Many posts hinted about page properties beeing missmatched with the settings in the database





Further digging into the logs we found this

Here’s the stack trace:
[InvalidOperationException: This request has probably been tampered with. Close the browser and try again.]
   EPiServer.Framework.Web.AspNetAntiForgery.ThrowForgeryException() +374
   EPiServer.Shell.Services.Rest.RestHttpHandler.ProcessRequest(HttpContextBase httpContext) +109
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +913

   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

and

ERROR - 1.2.5 Unhandled exception in ASP.NET
System.InvalidOperationException: This request has probably been tampered with. Close the browser and try again.
   at EPiServer.Framework.Web.AspNetAntiForgery.ThrowForgeryException()
   at EPiServer.Shell.Services.Rest.RestHttpHandler.ProcessRequest(HttpContextBase httpContext)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

ERROR - Cross-site request forgery detected [Client IP: XX.XX.XX.XX, Referer: http://mysite.local/episerver/CMS/#context=epi.cms.contentdata:///317, Url: http://mysite.local/episerver/cms/Stores/contentversion/, User: UserName]

although, the error that led us to the solution was this little fella

"the required anti-forgery cookie __requestverificationtoken is not present"

It turns out that we had marked the cookies as secure (as we all should) with the configuration setting
<system.web><httpCookies requireSSL="true" /></system.web>


But we were accessing the site with http. So the real underlying error was that last one, “the required anti-forgery cookie __requestverificationtoken is not present”. The site was requesting secure anti-forgery cookies but was getting standard unsecure cookies, thus the tampering exception

The solution, query the site with https or change the setting to requireSSL=”false”

22 comments :

  1. Thanks for sharing, nice post! Post really provice useful information!

    Hương Lâm chuyên cung cấp bán máy photocopy và dịch vụ cho thuê máy photocopy giá rẻ, uy tín TP.HCM với dòng máy photocopy toshiba và dòng máy photocopy ricoh uy tín, giá rẻ.

    ReplyDelete
  2. Actually no matter if someone doesn't be aware of after that its up to other users that they will help, so here it takes place.
    섯다
    고스톱

    ReplyDelete
  3. Hi there excellent blog! Does running a blog like this take a lot of work?
    I’ve very little knowledge of coding but I was hoping to start my own blog in the near future.
    Anyways, should you have any ideas or techniques for new blog owners please share.
    I know this is off subject nevertheless I simply wanted to ask.
    Thank you!
    스포츠토토
    스포츠토토

    ReplyDelete
  4. Hi there, I found your blog by the use of Google while looking for a related subject, your site came up, it appears good. I've bookmarked it in my google bookmarks.
    성인웹툰
    일본야동

    ReplyDelete
  5. Attractive component of content. I just stumbled upon your site and in accession capital to claim that I acquire actually enjoyed account your blog posts. Anyway I will be subscribing for your feeds or even I success you access consistently quickly.
    안전놀이터
    토토사이트

    ReplyDelete
  6. We are really grateful for your blog post for giving a lot of information
    바카라사이트

    ReplyDelete
  7. Thanks for sharing this marvelous post. I m very pleased to read this article.토토사이트

    ReplyDelete
  8. You definitely put a new spin on a topic thats been written about for years. Great stuff, just great! Feel free to visit my website;
    야설

    ReplyDelete
  9. Best article on this topic. I love your way of writing, so please post some more articles on this topic or related to this topic. Thank you for sharing such a golden information will be your regular visitor. Feel free to visit my website;
    한국야동

    ReplyDelete
  10. I should say only that its awesome! The blog is informational and always produce amazing things. Feel free to visit my website;
    국산야동

    ReplyDelete
  11. Hello there, You have done a fantastic job. I’ll certainly digg it and individually recommend to my friends. I am sure they will be benefited from this website. Feel free to visit my website;

    일본야동

    ReplyDelete
  12. I was able to think a lot while looking at this post. I will pass this blog to many people. Definitely a good blog is very good. Thank you for sharing. Feel free to visit my website; 일본야동

    ReplyDelete
  13. I’m impressed, I have to admit. Truly rarely should i encounter a blog that’s both educative and entertaining, and without a doubt, you’ve hit the nail within the head. Your notion is outstanding; the pain is an issue that insufficient everyone is speaking intelligently about. I am very happy that we stumbled across this inside my try to find some thing relating to this. 메이저토토추천

    ReplyDelete
  14. On this page you can read my interests, write something special. Satta king

    ReplyDelete
  15. Satta king 786 could be a quiz game that started many decades ago. This means that people have been playing this game for a long time. Satta King: Now the match is becoming famous among the fans.

    ReplyDelete
  16. Satta king has gained immense popularity in India due to its fast growing industry which is giving people the opportunity to gamble. If anyone likes to play this game, they should visit our website Satta King for more information about the game.

    ReplyDelete
  17. I'm very curious about how you write such a good article. Are you an expert on this subject? I think so. Thank you again for allowing me to read these posts, and have a nice day today. Thank you. 슬롯커뮤니티

    ReplyDelete
  18. This is the perfect post.안전놀이터 It helped me a lot. If you have time, I hope you come to my site and share your opinions. Have a nice day.

    ReplyDelete
  19. Including the design of various features of the game looks interesting. Try it and you won't be disappointed. betflix has a lot of games.

    ReplyDelete
  20. I’m thinking some of my readers might find a bit of this interesting. Do you mind if I post a clip from this and link back? Thanks 사설토토

    ReplyDelete