A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More

AI OnAI Off

Anti-forgery validation fails for POST and PUT to REST store

Ted
Ted
Vote:
 

I've created a REST store like this:

    [RestStore("mystore")]
    public class MyStore : RestControllerBase
    {
        [HttpPost]
        public ActionResult Post()
        {
            return Rest(new { result = "POST works." });
        }

        [HttpGet]
        public ActionResult Get()
        {
            return Rest(new { result = "GET works." });            
        }

        [HttpPut]
        public ActionResult Put()
        {
            return Rest(new { result = "PUT works." });                    
        }
    }

I can get the store just fine in a Dojo widget, and when doing store.get() I get the correct result. It also works when doing a GET request through Postman.

However, when doing a POST or PUT, I get the anti-forgery validation error saying "This request has probably been tampered with. Close the browser and try again."

The stack trace says the requests fails at EPiServer.Shell.Services.Rest.RestHttpHandler.ValidateAntiForgeryToken(HttpContextBase httpContext).

Any bright ideas? :)

#194830
Edited, Jul 04, 2018 10:45
Ted
Ted
Vote:
 

Nevermind, digging deeper it seemed it was just a matter of mismatching parameters (the actual store was not quite as simple as the sample code). Not supplying a required method parameter produced this somewhat misleading exception. Doh!

#194835
Edited, Jul 04, 2018 11:19
Pa Njie
Pa Njie
Vote:
 

Hey Ted,

Could you please give a bit more detail on how you got this working? I am currently having issues making a post request.

Thanks

#198620
Nov 01, 2018 10:45
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.