0

EDIT:__RequestVerificationToken can not found when using nginx, why?

Rhis is my validation code, it always returns an error when using nginx, if I do not use nginx, it is OK. We are using nginx because we have many machines to point at the same host. Rhanks.

public class MyValidateAntiForgeryToken : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        var request = filterContext.HttpContext.Request;
        if (request.HttpMethod== WebRequestMethods.Http.Post)
        {
            if (request.IsAjaxRequest())
            {
                var antiForgeryCookie = request.Cookies[AntiForgeryConfig.CookieName];
                var cookieValue = antiForgeryCookie != null
                    ? antiForgeryCookie.Value : null;
                AntiForgery.Validate(cookieValue, request.Headers["__RequestVerificationToken"]);
            }
            else
            {
                new ValidateAntiForgeryTokenAttribute()
  .OnAuthorization(filterContext);
            }
        }
    }

this is my front code:

 var token = $('@Html.AntiForgeryToken()').val();
                        var headers = {};
                        headers["__RequestVerificationToken"] = token;

                        $.ajax({
                            type: 'POST',
                            url: '@Url.Action("BuyProduct", "PpdaiVip")',
                            cache: false,
                            headers: headers,
                            data: arr,
                            success: function (e) {
                                if (e.IsSuccess) {
                                }
                    });
Tamás Sengel
  • 55,884
  • 29
  • 169
  • 223
MapleStory
  • 628
  • 3
  • 11
  • 22
  • looks like ngnix can be used as a web farm. and then you asure a few other things. is this the case with you to? look here http://stackoverflow.com/questions/23402210/the-anti-forgery-token-could-not-be-decrypted – lordkain Nov 18 '16 at 06:27
  • @lordkain can not find __RequestVerificationToken ,it might be the Niginx cross-domain problem – MapleStory Nov 18 '16 at 06:52
  • @lordkain it works,thanks. – MapleStory Nov 18 '16 at 13:58

0 Answers0