CSRF attack error message in Dev Environment

Ben Knight asked on September 8, 2017 17:27

Currently in the dev environment - I and several other developers have encountered the CSRF attack error when doing certain actions. This is not an issue in our UAT or Live environments and we're struggling to pin this down and was wondering if anyone here could give us some pointers.

Stack Trace from the Kentico event log is below:

Message: CSRF attack detected.

Exception type: CMS.Protection.CsrfException
Stack Trace: 
at CMS.Protection.CsrfProtection.ThrowCsrfException(Exception innerException)
at CMS.Protection.CsrfProtection.ValidateCsrfTokens(Byte[] cookieToken, Byte[] hiddenFieldToken)
at CMS.Protection.CsrfProtection.OnPostMapRequestHandlerExecute(Object sender, EventArgs eventArgs)
at CMS.Base.AbstractHandler.CallEventHandler[TArgs](EventHandler`1 h, TArgs e)
at CMS.Base.AbstractHandler.Raise[TArgs](String partName, List`1 list, TArgs e, Boolean important)
at CMS.Base.SimpleHandler`2.RaiseExecute(TArgs e)
at CMS.Base.SimpleHandler`2.RaiseExecute(TArgs e)
at CMS.Base.SimpleHandler`2.StartEvent(TArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Recent Answers


Brenden Kehren answered on September 8, 2017 18:18

Check your page templates, make sure they do not have tags in them. Most likely what's causing problems or invalid JS.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.