
Anti-forgery error?


Well, they say that a picture says more than a thousand words, which applies to this issue, but I'll try to explain as well as I can.

A customer has just installed Internet Explorer 10 and tries to log into edit mode in Episerver CMS 6 R2, but the page is messed up and in the address field a lot of characters have been inserted between the hostname (URI) and the path to edit mode. The page refreshes constantly.

In log4net there are a lot of messages, but some messages seem to repeat themselves.

1.1.3 Page Initialized

Adding hidden anti-forgery field to response

Starting request with url [Path to login page] ?ReturnURL=[cmspath]/javascript/editmodeshellintegration.js

Url is not valid for rewrite Returning url [Path to login page] ?ReturnURL=[cmspath]/javascript/editmodeshellintegration.js

Exiting with no rewrite. URL is [Path to login page] ?ReturnURL=[cmspath]/javascript/editmodeshellintegration.js

Attaching anti-forgery to request

User already has anti-forgery cookie set

Page initialized ...

Another BeginRequestEventHandler with path to another javascript file

Since the error started to occur in IE 10 (and IE 11) and it works in, for example, Chrome, it seems to be a problem with newer editions of Internet Explorer.

Based on the messages in log4net, it seems to be some kind of validation error on JavaScript files that are being used in edit mode.


Has anyone else experienced similar problems?

Thank you very much for any clues on this problem!

Nov 20, 2013 11:49

The error seems to occur on the server or from a computer inside the company only.

I don't experience this error outside from my computer

Nov 20, 2013 12:00

Disabling protected mode did not help.

Nov 20, 2013 12:05

Changing to the lowest security level and lowering privacy level did not help either.

Nov 20, 2013 12:11

This cannot be fixed because the browser is not supported.

Answer from Episerver Helpdesk:

Hi Jon Haakon,


Unfortunately IE10 and IE11 are not tested with and therefore not supported browsers for cms6r2.


Supported browsers are:

  • Microsoft Internet Explorer 7.0
  • Microsoft Internet Explorer 8.0
  • Microsoft Internet Explorer 9.0
  • Firefox 3.6, 4.0


Best regards,

EPiServer Developer Support


View your Incident online:

Nov 20, 2013 15:24

I see this error in may solutions, I can't understand that Episerver doesn't find a solution on this error.

What is the anti-forgery field?

Ref. Log4net error : Adding hidden anti-forgery field to response

Nov 29, 2013 13:43

We have the same problem with IE 11.

And according to EPiServer

Any of the following is required for edit mode:

  • Microsoft Internet Explorer 11 – on-page editing disabled 
  • Microsoft Internet Explorer 10 – on-page editing disabled 
  • Microsoft Internet Explorer 9
  • Microsoft Internet Explorer 8
  • Microsoft Internet Explorer 7
  • Firefox 4
  • Firefox 3.6

Is there a solution for this yet?



Feb 20, 2014 11:49

See Linus Ekström's comment on:

"Check for the IE11 issue."

Feb 20, 2014 11:56

Thanks Jon Haakon,

but this does not work.

"KB2836939v3 does not apply, or is blocked by another condition on your computer."


Feb 20, 2014 12:03

Have you installed KB2836939v3 on the webserver running the episerver solution?

Feb 20, 2014 12:29

If you install the latest version of the .NET Framework on the server, it should work better.

Edited, Feb 20, 2014 13:01

My fault. I should have figured it out. I tried to install on my client because I thought it was a client problem.

We will try to install it on the web server.

I will return with the result.

Thanks for all the help :)


Feb 20, 2014 13:04
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.