messaging.forbiddenorigin error when saving page

Albert Zaballero asked on December 20, 2021 20:26

After deploying a new MVC site we discovered error "messaging.forbiddenorigin" when trying to save a page in the Kentico CMS.

The CMS and MVC sites are hosted on Azure (app service) and currently using Azure URL domain "azurewebsites.net":

For example:

CMS: company-name-cms.azurewebsites.net MVC: company-name-mvc.azurewebsites.net

The final production domains will be setup later.

  • I've double/triple checked settings in Azure including CORS to see if I'm missing anything.
  • I also cannot repro the issue in either my development box or deployed development environment.
  • The Kentico event log nor Chrome developer tools are capturing the error.
  • Furthermore, other sites managed in the same CMS are unaffected, only 2 recently deployed MVC apps are.
  • Kentico version is Kentico 12 SP
  • One difference is the 2 recent ones were updated to use latest version of Kentico NuGet packages (12.0.97)
  • As far as I can tell, all other aspects of the CMS are working when managing the new site.

Appreciate any help on this one.

Recent Answers

vasu yerramsetti answered on December 21, 2021 04:23 (last edited on December 21, 2021 04:30)

I think you are running MVC website with the this domain company-name-mvc.azurewebsites.net. Is this have valid Kentico license? Please cross verify both should be valid licenses (not free/trail)

Refer the following post -

https://devnet.kentico.com/questions/kentico-12-error-message-saving-page-content

0 votesVote for this answer Mark as a Correct answer

Albert Zaballero answered on December 21, 2021 19:10 (last edited on December 21, 2021 19:19)

Vasu - Yes both the CMS and MVC apps have valid Kentico licenses. And thanks for sharing that post. I already found it earlier, but will re-read it just in case.

0 votesVote for this answer Mark as a Correct answer

Juraj Ondrus answered on December 22, 2021 07:53

Also make sure you are using HTTPS for both Kentico admin app as well as the front end app and the cert is valid and trusted.

0 votesVote for this answer Mark as a Correct answer

Albert Zaballero answered on April 7, 2022 00:22

Circling back on this in case it helps anyone else.

The Kentico licenses were OK so it wasn't related to that. We also never figured out why we got that messaging.forbiddenorigin error when both the CMS and MVC sites were using the same default Azure domain azurewebsites.net.

This blog post had good info. and lead me to think the issue could still be related to the domain somehow:

Kentico MVC Page Builder Do's and Don'ts https://www.mcbeev.com/kentico-mvc-page-builder-do-s-and-don-ts

Later after the CMS and MVC sites were setup with their final dev and production domains and no longer using azurewebsites.net -- And also being sure the domains matched between the CMS and MVC sites. The error went away which seems to indicate the azurewebsites.net domain was the cause although circumstantial.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.