2

AntiForgeryToken is present on my form in an MVC 5 solution, and it is working well. But my client has a referring web site: if my domain, for example, is www.mysite.com, their URL is www.mysite.blabla.com.

If a user opens the normal web site it works well, but if he opens www.mysite.blabla.com and submits (POST) the form, I get the error: The required anti-forgery cookie "__RequestVerificationToken" is not present.

In the ELMAH logs I see the following values:

HTTP_HOST   www.mysite.com 

HTTP_REFERER    http://www.mysite.blabla.com/

HTTP_X_FORWARDED_HOST www.mysite.blabla.com

HTTP_X_FORWARDED_SERVER www.mysite.blabla.com

SERVER_NAME www.mysite.com 

I need to allow my work to be used on this domain. Is it possible to set the Anti-Forgery Token to allow requests to this domain? Or is the only solution to remove

@Html.AntiForgeryToken()

Arbejdsglæde

1 Answer

0

The goal of the AntiForgeryToken is to prevent other sites from posting to your actions. This is expected behavior. It prevents cross-site request forgery attacks.

If they want to link over, it should be with a standard GET request.

ps2goat
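A diagnostic for the error discussed in this thread, as an added example that is not part of the original question or answer: before removing `@Html.AntiForgeryToken()`, it helps to record, for each failing POST, whether the anti-forgery cookie and the hidden form field actually arrived and which host names the request carried (the same `HTTP_HOST` / `HTTP_X_FORWARDED_HOST` values seen in the ELMAH log). The class name `AntiForgeryDiagnosticsAttribute` is hypothetical; the sketch assumes ASP.NET MVC 5 on .NET 4.5 or later and that `[ValidateAntiForgeryToken]` is applied at controller or action level.

```csharp
using System.Diagnostics;
using System.Web.Helpers;
using System.Web.Mvc;

// Hypothetical diagnostic filter; the class name is an assumption, not part of MVC.
// Registered globally, it runs before a [ValidateAntiForgeryToken] placed on a
// controller or action (same default Order, and global scope is evaluated first).
public sealed class AntiForgeryDiagnosticsAttribute : FilterAttribute, IAuthorizationFilter
{
    // Name of the hidden field emitted by @Html.AntiForgeryToken().
    private const string FormFieldName = "__RequestVerificationToken";

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        var request = filterContext.HttpContext.Request;
        if (request.HttpMethod != "POST")
        {
            return;
        }

        bool hasCookie = request.Cookies[AntiForgeryConfig.CookieName] != null;
        // Unvalidated avoids tripping ASP.NET request validation while only checking presence.
        bool hasField = !string.IsNullOrEmpty(request.Unvalidated.Form[FormFieldName]);
        if (hasCookie && hasField)
        {
            return;
        }

        // Log presence flags and host-related headers only, never token values.
        Trace.TraceWarning(
            "Anti-forgery precheck: cookie={0} field={1} host={2} x-forwarded-host={3} referer={4}",
            hasCookie, hasField,
            Clean(request.Headers["Host"]),
            Clean(request.Headers["X-Forwarded-Host"]),
            Clean(request.Headers["Referer"]));
    }

    // Header values are client-controlled: strip CR/LF so they cannot forge log lines.
    private static string Clean(string value)
    {
        return value == null ? "(none)" : value.Replace("\r", " ").Replace("\n", " ");
    }
}

// In FilterConfig.RegisterGlobalFilters(GlobalFilterCollection filters):
//     filters.Add(new AntiForgeryDiagnosticsAttribute());
```

The filter only observes; validation is still performed by `[ValidateAntiForgeryToken]`, so the protection described in the answer stays in place while the logs show which half of the token pair is missing on requests arriving via the other host name.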