duplicate antiforgerytoken in request

2 posts, 0 answers
  1. Tom
    Tom avatar
    2 posts
    Member since:
    Jan 2011

    Posted 17 Nov 2012 Link to this post

    Hi!

    I implemented an MVC3 project with a controller that handles ajax POST requests in JSON format. The controller action requires an AntiForgeryToken.

    Now I have a problem with a kendo datasource request posted to the server. I followed the samples for the dataSource configuration:

    dataSource: new kendo.data.DataSource({
                    type: "json",
                    transport: {
                        read: {
                            url: "GetZones",
                            dataType: "json",
                            type: "POST",
                            contentType: "application/json; charset=utf-8",
                            data: {
                                __RequestVerificationToken: $("input[name=__RequestVerificationToken]").val()
                            } //sendAntiForgery()
                        },
                        parameterMap: function (options) {
                            return JSON.stringify(options);
                        }
                    }};
    
    However in fiddler I get the following error:
    
    {"error":"Invalid JSON primitive: __RequestVerificationToken=cVKwXnuusO7LVzfoTYk2FD4S5BhSstIULlN0uzspliMOByr/OFRMpbaeLT4i84lpqZZPuzNyUzuhqULNEA/WyljOuD17gycOs2yQGfNlHq1GrX7/QcW3l0RC30RAXA9ruyLRuvCBLNOASqsMUSBb4wIyzxMj4mLrZZNdqk4JWyo=."}
    
    I found out that the token is send out twice as you can see in the following request body:
    

    {"__RequestVerificationToken":"cVKwXnuusO7LVzfoTYk2FD4S5BhSstIULlN0uzspliMOByr/OFRMpbaeLT4i84lpqZZPuzNyUzuhqULNEA/WyljOuD17gycOs2yQGfNlHq1GrX7/QcW3l0RC30RAXA9ruyLRuvCBLNOASqsMUSBb4wIyzxMj4mLrZZNdqk4JWyo=","take":10,"skip":0,"page":1,"pageSize":10}&__RequestVerificationToken=cVKwXnuusO7LVzfoTYk2FD4S5BhSstIULlN0uzspliMOByr/OFRMpbaeLT4i84lpqZZPuzNyUzuhqULNEA/WyljOuD17gycOs2yQGfNlHq1GrX7/QcW3l0RC30RAXA9ruyLRuvCBLNOASqsMUSBb4wIyzxMj4mLrZZNdqk4JWyo=

    The first __RequestVerificationToken is in JSON format, but the appended 2nd __RequestVerificationToken is not and leads to the error of the MVC service.

    How can I suppress the 2nd instance?

  2. Rosen
    Admin
    Rosen avatar
    3253 posts

    Posted 20 Nov 2012 Link to this post

    Hello Thomas,

    I'm afraid that I'm not sure what may be the cause for the behavior you have described. Therefore, please provide a small runnable sample in which this behavior can be observed.

    All the best,
    Rosen
    the Telerik team
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
Back to Top