Open Closed

Blazoe WebApp Request Validation Failing #9998

User avatar
0
ddelamare created

I am having this issue where requests that work when using Blazor Server rendering fail when the page is rendered in WebAssembly Mode.

There are two similar errors I'm encountering.

  1. There is an API call that uses [DisableValidation], and it works normally when using InteractiveServer, but not InteractiveAuto. It seems to fail in the generated controller, before reaching the proxy. No breakpoints or logging from the proxies are happening, and the 400 response from the server has no text. Is there a way to disable this eager validation and wait until it hits the api? 2. The is an API call that uploads a file using a using file upload dto, which again works when using InteractiveServer, but not InteractiveAuto. The error returned is Unsupported Media Type. Is there a way t fix this or disable it?
Go to accepted answer
5 Answer(s)
  • User Avatar
    0
    AI-Bot created
    Support Team ABP Agent

    1. For the issue with [DisableValidation] and 400 errors in WebAssembly (WASM) mode:

      • In Blazor WASM (especially with prerendering or InteractiveAuto), validation may occur on the client before the request reaches your API. ABP's generated proxies and validation pipeline can behave differently between server and WASM modes. If you want to ensure validation only happens on the server, avoid using client-side proxies for these calls, or use direct HTTP requests (e.g., via HttpClient) to your API endpoints. This bypasses the client-side validation layer and ensures the [DisableValidation] attribute is respected server-side.
      • There is no built-in ABP option to globally disable client-side validation for all proxies in WASM mode. You must either avoid using the generated proxy for that endpoint or customize the proxy/service code to skip validation.

    2. For the file upload API returning "Unsupported Media Type" in WASM mode:

      • This error typically occurs if the request's Content-Type does not match what the API expects (e.g., multipart/form-data for file uploads). In Blazor WASM, ensure you are using IBrowserFile and MultipartFormDataContent when sending files, and that your API action is decorated with [Consumes("multipart/form-data")].
      • If you are using ABP's auto-generated proxies, they may not handle file uploads correctly in WASM mode. In such cases, use HttpClient directly to construct and send the multipart request.

    Example for file upload in Blazor WASM:

    var content = new MultipartFormDataContent();
content.Add(new StreamContent(file.OpenReadStream()), "File", file.Name);
await httpClient.PostAsync("api/your-endpoint", content);

    And in your API controller:

    [HttpPost]
[Consumes("multipart/form-data")]
public async Task<IActionResult> Upload([FromForm] YourFileUploadDto input)
{
    // handle file
}

    Summary:

    • For [DisableValidation], use direct HTTP calls for endpoints where you want to avoid client-side validation.
    • For file uploads, use HttpClient with MultipartFormDataContent and ensure your API expects multipart/form-data.

    Sources:

    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  • User Avatar
    0
    ddelamare created

    I am not able to call the API directly since the new WebApp model applies credentials in the Blazor server before forwarding to the API. Having to maintain custom http client calls is also not acceptable overhead.

    I can see the requests being fired so the validation is not happening in the brower.

  • User Avatar
    0
    ddelamare created

    I turned on all the logs and these ones are related to this request.

    'api/app/form-response/evaluate-duplicate-rules/{formId}' is valid for the request path '/api/app/form-response/evaluate-duplicate-rules/ab7a81e6-e56a-fa31-0f5f-3a1cf5ff5eae'
[09:35:55 DBG] Request matched endpoint 'TOG.SaaSeForms.FormResponses.FormResponseClientProxy.EvaluateDuplicateRulesAsync (TOG.HttpApi.Client)'    
[09:35:55 DBG] Static files was skipped as the request already matched an endpoint.
[09:35:55 INF] The access_token is active.
[09:35:55 DBG] AuthenticationScheme: Cookies was successfully authenticated.
[09:35:55 INF] Executing endpoint 'TOG.SaaSeForms.FormResponses.FormResponseClientProxy.EvaluateDuplicateRulesAsync (TOG.HttpApi.Client)'
[09:35:55 INF] Route matched with {area = "app", action = "EvaluateDuplicateRules", controller = "FormResponse", page = ""}. Executing controller a
ction with signature System.Threading.Tasks.Task1[TOG.SaaSeForms.DeDuplication.DuplicateResponseResult] EvaluateDuplicateRulesAsync(TOG.SaaSeForms.FormResponseDto, System.Guid) on controller TOG.SaaSeForms.FormResponses.FormResponseClientProxy (TOG.HttpApi.Client).
[09:35:55 DBG] Execution plan of authorization filters (in the following order): ["Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter"]
[09:35:55 DBG] Execution plan of resource filters (in the following order): ["Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter"]   
[09:35:55 DBG] Execution plan of action filters (in the following order): ["Microsoft.AspNetCore.Mvc.ModelBinding.UnsupportedContentTypeFilter (Ord
er: -3000)", "Volo.Abp.AspNetCore.Mvc.GlobalFeatures.GlobalFeatureActionFilter", "Volo.Abp.AspNetCore.Mvc.Auditing.AbpAuditActionFilter", "Volo.Abp
.AspNetCore.Mvc.Response.AbpNoContentActionFilter", "Volo.Abp.AspNetCore.Mvc.Features.AbpFeatureActionFilter", "Volo.Abp.AspNetCore.Mvc.Validation.AbpValidationActionFilter", "Volo.Abp.AspNetCore.Mvc.Uow.AbpUowActionFilter"]
[09:35:55 DBG] Execution plan of exception filters (in the following order): ["Volo.Abp.AspNetCore.Mvc.ExceptionHandling.AbpExceptionFilter"]      
[09:35:55 DBG] Execution plan of result filters (in the following order): ["Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter"]     
[09:35:55 WRN] The required antiforgery header value "RequestVerificationToken" is not present.
[09:35:55 INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.
[09:35:55 INF] Executing StatusCodeResult, setting HTTP status code 400
[09:35:55 INF] Executed action TOG.SaaSeForms.FormResponses.FormResponseClientProxy.EvaluateDuplicateRulesAsync (TOG.HttpApi.Client) in 0.1729ms   
[09:35:55 INF] Executed endpoint 'TOG.SaaSeForms.FormResponses.FormResponseClientProxy.EvaluateDuplicateRulesAsync (TOG.HttpApi.Client)'
[09:35:55 INF] Request finished HTTP/2 POST https://localhost:44346/api/app/form-response/evaluate-duplicate-rules/ab7a81e6-e56a-fa31-0f5f-3a1cf5ff5eae?api-version=1.0 - 400 0 null 4.8285ms

    It says it's failing on a antiforgery token, but there are several requests run immediately before this that work. Inspecting the network requests, I see the antiforgery cookie and the x-xsrf-token header.

    I've seen this happen on other POST requests

  • User Avatar
    0
    ddelamare created

    I was able to fix the 400 error which was caused by the js fetch client not having the ABP specific header config set. However, I am still having the issues with the unsupported media types.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I am still having the issues with the unsupported media types.

    Could you please share your code and debug logs related to this issue?

    https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems

    liming.ma@volosoft.com

    Thanks.

Assignee
User avatar maliming
Question details
Labels
None yet
Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.1.0-preview. Updated on October 30, 2025, 06:33