Cause of CSRF cookie errors in the event log

duy luu asked on May 30, 2019 10:14

Recently we've been getting the errors with CSRF in Event Log. Anyone can tell us what is causing these errors?

1. Message: The CSRF cookie was missing.

2. Message: The CSRF hidden field was malformed.

3. Message: The CSRF hidden field value didn't match the CSRF cookie value.

Many thanks.

Correct Answer

Dmitry Bastron answered on May 30, 2019 13:46

Hi Duy,

In some cases it maight be some third-party service trying to send POST requests to your website.

You can check the othe info about these requests like Event URL and User agent - these should help you to identify what is this.

For example, I've seen this in my event log on one of the websites:

Event URL: /autodiscover/autodiscover.xml User agent: ExchangeServicesClient/15.00.0913.015

It's more likely some mail server/client trying to sent POST request to the website. I'd say there is basically nothing to worry about.

1 votesVote for this answer Unmark Correct answer

Recent Answers

duy luu answered on May 31, 2019 13:43

Thanks you a lot:)

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.