The required antiforgery request token was not provided...

dotnet-smartcomponents / smartcomponents

Experimental, end-to-end AI features for .NET apps

622 stars 54 forks source link

The required antiforgery request token was not provided... #14

Closed matengo closed 3 months ago

matengo commented 3 months ago

I'm going crazy over this, have tried to figure this out for hours.. I get this error when trying to use smart paste.

Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery request token was not provided in either form field "__RequestVerificationToken" or header value "RequestVerificationToken".

My setup is Blazor Server. The component is using @rendermode InteractiveServer. I'm adding inside the form for smart paste. I have app.UseAntiforgery() in program.cs. It seems that the hidden field for the __RequestVerificationToken is not added to the form for some reason that I can't find out.. Been searching for hours on this.

SteveSandersonMS commented 3 months ago

I'm not immediately sure why this would happen, since this sample also uses @rendermode InteractiveServer and does not have this problem.

Are you able to provide minimal repro steps? As in, instructions to create a project that recreates the issue. Or even post your repro project as a GitHub repo.

SteveSandersonMS commented 3 months ago

Thanks for tracking that down! I've been able to repro it based on what you said. This is actually another manifestation of https://github.com/dotnet/aspnetcore/issues/54533 (previously we thought it only applied to WebAssembly, but now you've shown us it can happen for Server too).

I'm going to update Smart Components to avoid this problem permanently now. Will let you know when the update is ready.

matengo commented 3 months ago

Thank's for your reply.

After many hours tearing down the application I found something. The "AntiforgeryToken" is not working within a interactive @if().

I have an if statement that shows the form if an Order is not null. So I select an order in a list, if one is selected the form show up with a "AntiforgeryToken" within the form.. Then no antiforgery hidden field is generated.

If I place the outside of the if statement a hidden field with antiforgery shows up...

For example:

Hidden field with antiforgery is not generated: @if (SelectedOrder) { "AntiforgeryToken" }

Hidden field with antiforgery is generated:

"AntiforgeryToken " @if (SelectedOrder) {

}

That one was hard to figure out... Is this a feature? :)

matengo commented 3 months ago

Thank you!! Sorry that I had to post again, the AntiforgeryToken tag dissapeared in the comment..

SteveSandersonMS commented 3 months ago

OK, the latest build 0.1.0-preview10145 should resolve this problem. If you confirm it works for you, we can close this as fixed!

SteveSandersonMS commented 3 months ago

Since this is addressed by the latest build, I'll close it.

matengo commented 3 months ago

OK, the latest build 0.1.0-preview10145 should resolve this problem. If you confirm it works for you, we can close this as fixed!

Works perfectly, thanks!