I'm trying to protect an application (PHP and lots of JS) from CSRF.
I want to use tokens.
A lot of operations are done with AJAX, so I have to pass the token in JavaScript.
If I want to generate 1 token per session or per page load it's simple - I generate a new token, put it somewhere in the DOM and then find it with JavaScript and send ...
Hi,
I am coding an ASP.NET MVC 2 application that does the following:
A view is loaded. Clicking on a button opens a jQuery UI Dialog that loads a partial view inside of it. (It loads a brand new instance every time the dialog is opened using the "load" method of jQuery dialog.)
This partial view has a form (AjaxForm) that gets posted ...
Some background to my issue:
It appears that there is a change/bug in Mvc2 concerning ValidateAntiForgeryTokenAttribute.
When upgrading from Mvc1 to Mvc2, users with an active session will receive the following error when they request a page using ValidateAntiForgeryTokenAttribute:
Unable to cast object of type 'System.Web.UI.Trip...
Hello,
We'd been getting "A required anti-forgery token was not supplied or was invalid." errors, and on some further investigation, I've managed to recreate the problem in its simplest form - I'm either doing something completely wrong, or this is a limitation of the anti-forgery token system.
Either way, I'd appreciate some advice!
...