Sharif Mamun
Reputation: 3574
AntiforgeryValidationException: The required antiforgery header value "RequestVerificationToken" is not present
I am trying to authorize a cloud provider following this on localhost, in ConfigureServices method, my Startup.cs file has
services.AddAntiforgery(options => options.HeaderName = "RequestVerificationToken");
Inside a [HttpGet] controller method, I am trying to validate the request with:
await _antiforgery.ValidateRequestAsync(HttpContext);
This is throwing the exception. Can anyone please suggest what I am doing wrong here?
Thanks!
Upvotes: 3
Views: 3028
Answers (1)
Ivan R.
Reputation: 1915
GET method should not change any data, so it is considered as a safe method and there is no need to protect this method from CSFR. You can see from the example, only POST method is protected. Your browser sends GET request to your site without additional anti forgery header, that is why the exception is thrown.
Upvotes: 5
Related Questions
- .Net Core ValidateAntiForgeryToken throwing web api 400 error
- Using Antiforgery in ASP.NET Core and got error - the antiforgery token could not be decrypted
- "__RequestVerificationToken is not present" error when I can clearly see it in Developer tools
- __RequestVerificationToken is not always being created
- RequestVerificationToken does not match
- ASP.NET MVC The required anti-forgery form field __RequestVerificationToken is not present
- HttpAntiForgeryException is not present in .net core
- Validation of the provided antiforgery token failed. The cookie token and the request token were swapped
- .net Core 2.0 web api 400 error using Validateantiforgerytoken
- AntiForgery Exception: A required anti-forgery token was not supplied or was invalid