aspnetboilerplate: Empty or invalid anti forgery header token

https://aspnetboilerplate.com/Pages/Documents/XSRF-CSRF-Protection#non-browser-clients

I upgraded from 5 -> 7 recently, and one of our endpoints (which is used by just an API client system, no browser) is broken and throwing this error in the log:

WARN  2022-01-31 16:46:23,317 [16   ] rity.AntiForgery.AbpAntiForgeryApiFilter - Empty or invalid anti forgery header token.
WARN  2022-01-31 16:46:23,317 [16   ] rity.AntiForgery.AbpAntiForgeryApiFilter - Requested URI: http://192.168.128.172/api/services/Project/csvHook/Check

I added the [DisableAbpAntiForgeryTokenValidation] to the interface method and it works now, but still, the system was working before and now doesn’t (I was executing the API endpoint from the swagger pages)

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 22 (22 by maintainers)

Most upvoted comments

I see, there is indeed an error in my console that it cannot get the injected script. perhaps the way it works have changed between 5-7 and I need to reinstall/config swagger.

+1
worthy7 on Feb 8, 2022
Read more comments on GitHub
← aspnetboilerplate: Embedded localizations extensions not working in late versions of Abp
aspnetboilerplate: Entity History for List of Navigation Properties inside Entity Not Working →