The CSRF cookie was missing.

Rise Admin asked on December 11, 2017 18:44

I'm getting the following error several dozen times per hour: The CSRF cookie was missing.

The error occurs on my production server only, not any of the development environments. This leads me to believe that it is related to some sort of strange incoming traffic to the production site (as opposed to a problem with our application code itself).

The issue is difficult to locate because the event URL is always shown as: /cmsmessages/error.aspx?aspxerrorpath=/cmspages/portaltemplate.aspx

The only clue I have is that all of the User Agents have some form of a Microsoft Office or ExchangeService product name in them:

MacOutlook/14.7.7.170905 (Intel Mac OS X 10.9.5)

Mac OS X/10.12.6 (16G1036); ExchangeWebServices/7.2 (268); accountsd/113 (113)

Microsoft Office/15.0 (Windows NT 10.0; Microsoft Excel 15.0.4989; Pro)

Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.8625; Pro)

Could it be some strange "protected view" browser from an Office application loading the page and refusing cookies? Any thoughts on how to fix this error?

Recent Answers


David te Kloese answered on December 12, 2017 09:59 (last edited on December 12, 2017 10:00)

I've seen this error before, but can't remember the exact details. Googling doesn't help much so far.

All I remember is that it was some kind of site check from Office. Can't find the solution but vaguely remember you needed an extra DNS record or something.

One thing is for sure: it has nothing to do with CSRF itself, it just can't locate the cookie.

0 votes

Rise Admin answered on December 12, 2017 18:50 (last edited on December 12, 2017 21:03)

Thanks David - did your experience before have anything to do with Outlook's live-preview function? https://support.office.com/en-us/article/Add-a-link-to-an-email-using-Link-Preview-in-Outlook-com-or-Outlook-on-the-web-ebbfd8ce-d38e-40ef-bb8c-a5362e881163

Or Microsoft's ATP Email Link Protection: https://support.office.com/en-us/article/Office-365-ATP-safe-links-dd6a1fef-ec4a-4cf4-a25a-bb591c5811e3

It seems like Outlook is trying to open the site in order to show a preview.

0 votes

David te Kloese answered on December 14, 2017 09:45

Hi,

Unfortunately I'm not sure and don't have history of it anymore. Just hope my comment puts you or someone in the right direction.

As for some alternative solutions/fixes/make-it-go-away:

  • If it's mainly from an internal company network, you could try disabling the Outlook preview thing.
  • As for an alternative 'Kentico' fix, you could create a global event handler and filter these Outlook requests (docs.kentico.com/...Globalsystemevents-EventLogEvents). Check in the before event-log event whether it's one of these Outlook ones and skip the logging. Keep in mind, though, that skipping event log entries could cause you to miss important errors, so I'd be cautious with this one.
0 votes
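
The filtering decision suggested in the answer above, as an added example that is not part of the original thread and is not Kentico API code: it skips an event only when the message is the CSRF one and the user agent belongs to the Office/Exchange families quoted in the question, so every other error is still logged. The dict keys `description` and `user_agent` and the sample events are assumptions constructed for illustration.

```python
import re
from collections import Counter

CSRF_MESSAGE = "The CSRF cookie was missing."

# User-agent families taken from the user agents quoted in the question.
OFFICE_UA = re.compile(
    r"^(MacOutlook/|Microsoft Office/)|\bExchangeWebServices/", re.IGNORECASE
)


def should_skip_logging(event):
    """Return True only for CSRF-cookie events from Office/Exchange clients.

    `event` uses hypothetical keys 'description' and 'user_agent'; map them
    to whatever your event-log handler exposes.
    """
    if CSRF_MESSAGE not in (event.get("description") or ""):
        return False  # never suppress any other kind of error
    return bool(OFFICE_UA.search(event.get("user_agent") or ""))


def triage(events):
    """Split events into skipped/kept counts and return the kept events."""
    counts, kept = Counter(), []
    for ev in events:
        if should_skip_logging(ev):
            counts["skipped"] += 1
        else:
            counts["kept"] += 1
            kept.append(ev)
    return counts, kept


# Constructed sample events: the four user agents from the question, one
# ordinary browser hitting the same error, and one unrelated error.
SAMPLE_EVENTS = [
    {"description": CSRF_MESSAGE, "user_agent": "MacOutlook/14.7.7.170905 (Intel Mac OS X 10.9.5)"},
    {"description": CSRF_MESSAGE, "user_agent": "Mac OS X/10.12.6 (16G1036); ExchangeWebServices/7.2 (268); accountsd/113 (113)"},
    {"description": CSRF_MESSAGE, "user_agent": "Microsoft Office/15.0 (Windows NT 10.0; Microsoft Excel 15.0.4989; Pro)"},
    {"description": CSRF_MESSAGE, "user_agent": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.8625; Pro)"},
    {"description": CSRF_MESSAGE, "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"},
    {"description": "Constructed unrelated error", "user_agent": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.8625; Pro)"},
]

if __name__ == "__main__":
    counts, kept = triage(SAMPLE_EVENTS)
    print(dict(counts), [ev["user_agent"] for ev in kept])
```

The user agent is supplied by the client, so a filter like this only reduces log noise; CSRF validation itself stays unchanged, and the same error from a regular browser remains visible in the log.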

Matthijs Wensveen answered on March 12, 2018 11:48

I got this error when I tried to log in on a site that was configured for HTTPS but I used HTTP (which was also bound in IIS). Switching to HTTPS solved the problem for me.

HTH, Matthijs

2 votes
