This request has probably been tampered with

Vote:
 

Hi,

We're getting a request forgery exception when we try to update many of our commerce entities through the CMS back-end:

[InvalidOperationException: This request has probably been tampered with. Close the browser and try again.]
EPiServer.Framework.Web.AspNetAntiForgery.ThrowForgeryException() +369
EPiServer.Shell.Services.Rest.RestHttpHandler.ValidateAntiForgeryToken(HttpContextBase httpContext) +357
EPiServer.Shell.Services.Rest.RestHttpHandler.GetController(HttpContextBase httpContext) +108
EPiServer.Shell.Services.Rest.RestHttpHandler.BeginProcessRequest(HttpContextBase context, AsyncCallback callback, Object extraData) +25
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +923
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +157

This occurs when any of the property values are changed, which prevents us from updating the relevant products and categories.

The symptoms are the same as outlined here:

http://blog.nansen.com/2015/06/offline-can-not-save-episerver-7x.html

Except we're not using secure cookies.

Any idea what could be causing this?

Thanks.

#163353
Oct 20, 2016 14:42
Vote:
 

Found the cause for this, I hope it helps someone.

In our case, the episerver framework basepath was set to an inaccessible network share path. This normally, from past experience, results in errors on startup. In this case, the app worked fine, other than these cross site scripting validation errors. Weird.

#163443
Oct 20, 2016 15:23
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.