Open Closed

The required antiforgery cookie ".AspNetCore.Antiforgery.****" is not present. #2065


User avatar
0
Neozzz created

I have added a microservice service to a microservice solution. I followed the directions given in this doc: https://docs.abp.io/en/commercial/latest/startup-templates/microservice/add-microservice#running-the-solution

Then followed this doc: https://docs.abp.io/en/commercial/latest/startup-templates/microservice/synchronous-interservice-communication#updating-orderservice-application-contracts

Then did a migration and ran the project using:

tye run --watch

I am able to access the newly added end-point in swagger. But when I post data I get the error mentioned in the title.

The following is the trace.

Request starting HTTP/2 POST https://localhost:44337/api/app/product-type application/json 1122
2021-11-01 13:02:21.649 +04:00 [INF] Executing endpoint 'ZW.ProductSvc.ProductTypes.ProductTypeController.CreateAsync (ZW.ProductSvc.HttpApi)'
2021-11-01 13:02:21.660 +04:00 [INF] Route matched with {action = "Create", controller = "ProductType", area = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[System.Guid] CreateAsync(ZW.ProductSvc.ProductTypes.ProductTypeCreateDto) on controller ZW.ProductSvc.ProductTypes.ProductTypeController (ZW.ProductSvc.HttpApi).
2021-11-01 13:02:21.662 +04:00 [ERR] The required antiforgery cookie ".AspNetCore.Antiforgery.Schh12Bn9tQ" is not present.
2021-11-01 13:02:21.662 +04:00 [INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.
2021-11-01 13:02:21.665 +04:00 [INF] Executing HttpStatusCodeResult, setting HTTP status code 400
2021-11-01 13:02:21.665 +04:00 [INF] Executed action ZW.ProductSvc.ProductTypes.ProductTypeController.CreateAsync (ZW.ProductSvc.HttpApi) in 5.2878ms
2021-11-01 13:02:21.665 +04:00 [INF] Executed endpoint 'ZW.ProductSvc.ProductTypes.ProductTypeController.CreateAsync (ZW.ProductSvc.HttpApi)'
2021-11-01 13:02:22.658 +04:00 [DBG] Added 0 entity changes to the current audit log
2021-11-01 13:02:22.658 +04:00 [DBG] Added 0 entity changes to the current audit log
2021-11-01 13:02:22.663 +04:00 [INF] Request finished HTTP/2 POST https://localhost:44337/api/app/product-type application/json 1122 - 400 0 - 1016.7524ms

Please let me know what might be causing this issue.

Thank you


29 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I guess this is because the cookies are shared on localhost, this problem does not occur when using a domain.
    I think it will not affect the app work, right?

  • User Avatar
    0
    Neozzz created

    Hi, but first the app should run in localhost right? I am sorry if I didn't understand you correctly.

    I would like to add, how I had to write controller code and DI application service and write:

    public class ActionName (Guid id) { return IApplicationService.UpdateEntity(id); }

    This was something that was done for each action. While usually writing for an app, we don't edit the controller right? is there something that has to be taken care of at this point?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    but first the app should run in localhost right?

    I mean, this problem only occurs in the localhost domain, does it break the work of the application?

    I would like to add, how I had to write controller code and DI application service and write:

    We usually write HttpApi Controller which is used for dynamic Http proxy for tiered project, It is good practice to write API Controller for each application.

    You can refer to these: https://github.com/abpframework/abp/blob/dev/modules/identity/src/Volo.Abp.Identity.Application/Volo/Abp/Identity/IdentityRoleAppService.cs https://github.com/abpframework/abp/blob/dev/modules/identity/src/Volo.Abp.Identity.HttpApi/Volo/Abp/Identity/IdentityRoleController.cs

  • User Avatar
    0
    Neozzz created

    hi,

    we haven't started testing this with a domain name yet. this breaks while locally testing the application.

  • User Avatar
    0
    Neozzz created

    looks like this error is there in the product-service thats generated by default within the microservice pro template.

    Could you please look into it? just run the product service swagger page through the tye dashboard or even try running the project separately and see. you'd see the error.

    i followed the docs, and for those info that were missing i followed the product service project.

    please look into this asap.

    Thank you

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    okay, I will check it.

  • User Avatar
    0
    Neozzz created

    hi liang,

    could you please update?

    thank you

  • User Avatar
    0
    Neozzz created

    any updates? we've been stuck here for 2 days now.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I tiered but can not reproduce the problem, can your share a project? shiwei.liang@volosoft.com

  • User Avatar
    0
    Neozzz created

    Hi Liang,

    Sorry for the late reply. I have sent you a access to a repo.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    I test the project you provied but didn't get any error.

  • User Avatar
    0
    Neozzz created

    Hi Liang,

    I continue to get the error here :(

    While reconfiguring to use with your system, was there anything wrong I did? Or could you please check what might be wrong in my config?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Are you using HTTPS? please share the detail of the requests(headers, and cookies).

    Also, can you test it via incognito tab? maybe it's your local cookie problem.

  • User Avatar
    0
    Neozzz created

    Response on normal tab:

    Response on incognito tab:

    cannot see the authorize button on swagger either.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Response on incognito tab cannot see the authorize button on swagger either.

    I think there is no problem, you should use the Swagger page of the web gateway

  • User Avatar
    0
    Neozzz created

    Hi Liang,

    Thank you. I was checking the direct end-point in the tye dashboard. However, I am seeing the following error in the public gateway logs:

    2021-11-04 16:42:54.432 +04:00 [INF] Request origin https://localhost:44353 does not have permission to access the resource.
    2021-11-04 16:42:54.435 +04:00 [DBG] requestId: 0HMCVI1GAD68Q:00000013, previousRequestId: no previous request id, message: ocelot pipeline started
    2021-11-04 16:42:54.451 +04:00 [DBG] requestId: 0HMCVI1GAD68Q:00000013, previousRequestId: no previous request id, message: Upstream url path is /api/app/product-type
    2021-11-04 16:42:54.458 +04:00 [WRN] requestId: 0HMCVI1GAD68Q:00000013, previousRequestId: no previous request id, message: DownstreamRouteFinderMiddleware setting pipeline errors. IDownstreamRouteFinder returned Error Code: UnableToFindDownstreamRouteError Message: Failed to match Route configuration for upstream path: /api/app/product-type, verb: POST.
    2021-11-04 16:42:54.459 +04:00 [WRN] requestId: 0HMCVI1GAD68Q:00000013, previousRequestId: no previous request id, message: Error Code: UnableToFindDownstreamRouteError Message: Failed to match Route configuration for upstream path: /api/app/product-type, verb: POST. errors found in ResponderMiddleware. Setting error response for request path:/api/app/product-type, request method: POST
    2021-11-04 16:42:54.459 +04:00 [DBG] requestId: 0HMCVI1GAD68Q:00000013, previousRequestId: no previous request id, message: ocelot pipeline finished
    2021-11-04 16:42:54.460 +04:00 [INF] Request finished HTTP/2 POST https://localhost:44353/api/app/product-type application/json 1122 - 404 0 - 30.5992ms
    2021-11-04 16:43:31.401 +04:00 [INF] Request starting HTTP/2 POST https://localhost:44353/api/app/product-type application/json 1122
    2021-11-04 16:43:31.401 +04:00 [INF] CORS policy execution failed.
    

    I have added the configs to appsettings in all gateways similar to what is shown for product service.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi Neozzz

    Failed to match Route configuration for upstream path: /api/app/product-type, verb: POST.

    Does your product service has such API route? You can check its swagger.

  • User Avatar
    0
    Neozzz created

    hi liang,

    its there. if you could tye run the project i shared, it has 2 service endpoints. 1 is product-type and other is <custom-entityname>-type.

    both has the end points.

    please check and let me know.

    Thanks.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi Neozzz

    Can you share simple code and steps to reproduce wiht new microservice template?

  • User Avatar
    0
    Neozzz created

    hi liang,

    Its the same code that i have shared with you on github. Just tye run the project and run the leave-type post api from webgateway as you suggested earlier. i have attached a sample post (samplepost file in root) request data in github right now. Hope this is what you asked.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    This seems be a problem.

  • User Avatar
    0
    Neozzz created

    with area and route it was not working.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    route it was not working.

    Please explain it in details.

  • User Avatar
    0
    Neozzz created

    the error is still there.

    CORS policy execution failed.
    2021-11-10 11:39:54.301 +04:00 [INF] Request origin https://localhost:44325 does not have permission to access the resource.
    2021-11-10 11:39:54.588 +04:00 [WRN] requestId: 0HMD43EI676FB:00000003, previousRequestId: no previous request id, message: DownstreamRouteFinderMiddleware setting pipeline errors. IDownstreamRouteFinder returned Error Code: UnableToFindDownstreamRouteError Message: Failed to match Route configuration for upstream path: /api/app/leave-type, verb: POST.
    

    In the beginning it was not showing the end points, hence i commented it out.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Please try to do that.

    https://support.abp.io/QA/Questions/2065/The-required-antiforgery-cookie-AspNetCoreAntiforgery-is-not-present#answer-041206e6-7bf4-5f37-de95-3a001ab1f29a

Made with ❤️ on ABP v9.1.0-preview. Updated on November 18, 2024, 05:54