nopSolutions / nopCommerce

ASP.NET Core eCommerce software. nopCommerce is a free and open-source shopping cart.
https://www.nopcommerce.com

Error 400. Bad request #6152

Closed Ochapparel closed 2 years ago

Ochapparel commented 2 years ago

nopCommerce version: 4.50

Steps to reproduce the problem: I am not able to reproduce on my local machine. I've had customers call saying they are trying to add items to their cart and it just spins. On the back end I just get a 400 bad request. The URL looks like this:

https://www.ochapparel.com/addproducttocart/catalog/46357/1/1

When I search the code for this "addproducttocart" I see this:

//add product to cart (without any attributes and options). used on catalog pages. (AJAX)
endpointRouteBuilder.MapControllerRoute(name: "AddProductToCart-Catalog",
    pattern: $"addproducttocart/catalog/{{productId:min(0)}}/{{shoppingCartTypeId:min(0)}}/{{quantity:min(0)}}",
    defaults: new { controller = "ShoppingCart", action = "AddProductToCart_Catalog" });

but I do not know what/how to debug it.

One thing people say is they are using a smart phone when trying to order.

I switched to the DefaultClean theme and still seeing this.

Here is a discussion I started on the forums: https://www.nopcommerce.com/en/boards/topic/93451/error-400-bad-request#293598

Ochapparel commented 2 years ago

I found how to reproduce. On iPhone I went to my items. Then hit “add to cart” from the product list page. And the little pop up spinner shows and doesn’t do anything. And in my logs I get the error.


Nop team please look

Ochapparel commented 2 years ago

I downloaded a mobile simulator for Chrome. Then went to my localhost and tried to "add an item" from the category page with the Add to Cart button and I got this:

Hope it helps

Failed to load resource: the server responded with a status of 400 (Bad Request)
Category.Footer.scripts.js?v=uxTcuyzQBF8eMInhYad1LEo-pJs:13 Uncaught TypeError: Cannot read properties of undefined (reading 'AjaxCartFailure')
    at Object.ajaxFailure [as error] (Category.Footer.scripts.js?v=uxTcuyzQBF8eMInhYad1LEo-pJs:13:13044)
    at y (Category.Footer.scripts.js?v=uxTcuyzQBF8eMInhYad1LEo-pJs:2:41191)
    at Object.fireWith [as rejectWith] (Category.Footer.scripts.js?v=uxTcuyzQBF8eMInhYad1LEo-pJs:2:41936)
    at b (Category.Footer.scripts.js?v=uxTcuyzQBF8eMInhYad1LEo-pJs:2:80285)
    at XMLHttpRequest. (Category.Footer.scripts.js?v=uxTcuyzQBF8eMInhYad1LEo-pJs:2:85363)
ulb:1 Refused to load manifest from 'https://www.ochapparel.com/icons/ochapparel_favicon/site.webmanifest?v=E6mYAakA0b' because it violates the following Content Security Policy directive: "default-src 'self' data: https://www.google-analytics.com". Note that 'manifest-src' was not explicitly set, so 'default-src' is used as a fallback.

DmitriyKulagin commented 2 years ago

@Ochapparel Since version 4.50, we have refactored the anti-forgery attributes that mark some controller actions. As part of these changes, the AddProductToCart_Catalog method is no longer ignored by .NET's built-in anti-counterfeiting mechanism. You can see more about all the changes effected by the specified refactoring in the related issue - https://github.com/nopSolutions/nopCommerce/issues/5288.

The solution in this situation is to embed the <nop-antiforgery-token /> tag on the form, which will add the verification token necessary for protection to the page.

Therefore, developers of third-party themes should consider this when updating the version.

I also note that I was not able to reproduce the indicated problem on the default theme, perhaps you have some modifications that violate the correct operation. So I'm closing the issue.
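
The check below is an added example, not part of the issue thread and not nopCommerce's own script: it inspects rendered catalog-page HTML for the hidden anti-forgery input and builds the add-to-cart POST body from it, which is a quick way to test whether a theme renders the token. It assumes ASP.NET Core's default form field name `__RequestVerificationToken`; the function names and both sample pages are constructed for illustration.

```javascript
// Added example. Assumption: the token is posted as a form field under
// ASP.NET Core's default name; the anti-forgery cookie travels with the request.
const TOKEN_FIELD = "__RequestVerificationToken";

// Return the anti-forgery token rendered in the page HTML, or null if absent.
function findAntiForgeryToken(html) {
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    const attrs = {};
    for (const m of tag.matchAll(/([\w-]+)\s*=\s*(["'])(.*?)\2/g)) {
      attrs[m[1].toLowerCase()] = m[3];
    }
    if (attrs.name === TOKEN_FIELD && attrs.value) return attrs.value;
  }
  return null;
}

// Build the catalog add-to-cart POST, or report why the server will reject it.
function buildAddToCartRequest(html, productId, cartTypeId, quantity) {
  const url = `/addproducttocart/catalog/${productId}/${cartTypeId}/${quantity}`;
  const token = findAntiForgeryToken(html);
  if (token === null) {
    // Without the token, anti-forgery validation fails and the response is 400.
    return { ok: false, url, reason: `no ${TOKEN_FIELD} input on page; expect 400` };
  }
  const body = new URLSearchParams({ [TOKEN_FIELD]: token }).toString();
  return { ok: true, url, method: "POST", body };
}

// Constructed sample pages: one theme renders the token, the other omits it.
const pageWithToken = `<div class="product-grid">...</div>
<input name="__RequestVerificationToken" type="hidden" value="CfDJ8-constructed-sample-token" />`;
const pageWithoutToken = `<div class="product-grid">...</div>`;

console.log(buildAddToCartRequest(pageWithToken, 46357, 1, 1));
console.log(buildAddToCartRequest(pageWithoutToken, 46357, 1, 1));
```
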

Ochapparel commented 2 years ago

That seemed to have fixed it! I'll let Nop-Templates know!