I have a single page with a tabstrip of grids. I use popup editing to perform crud operations in each grid.
In my grid views I am sending the AntiForgeryToken via the data transport.
For example:
Create(create => create.Action("CreateObject", "Editor").Data("sendAntiForgery"))
which calls:
function sendAntiForgery() {
return { "__RequestVerificationToken": $('input[name=__RequestVerificationToken]').val() }
}
In my EditorTemplates (from inside the Html.BeginForm()) I am calling @Html.AntiForgeryToken().
This was all working perfectly until I made a small change and broke everything.
I removed a call to @Html.AntiForgeryToken() from a simple form in my main view. (Nothing to do with the tabstrip or grids). All of my CRUD operations in my grids were now failing - it was telling me the token wasn't passed.
It turns out, if I simply placed a Html.AntiForgeryToken() in my main view somewhere it fixed everything - I could even remove the Html.AntiForgeryToken from my editor templates.
This doesn't seem right. Can somebody explain this behaviour?