I have a view where I'm making an API call via Ajax / jQuery to a third party. I can only get it to work by opening dev tools in Chrome and deleting the XSRF-Token. If I remove the token it works perfectly. If I don't remove it I get the "Request header field X-XSRF-TOKEN is not allowed by Access-Control-Allow-Headers in preflight response" error.
I don't control the server/code to which I'm making the API call (it is to do an IP Geo lookup).
I've tried adding [DisableAbpAntiForgeryTokenValidation] to my controller action but it seems to not help.
How can I disable this token from being created for this one view?
Thanks!
4 Answer(s)
-
0
You can check Context before calling SetCookie in _Layout.cshtml:
@{
    AbpAntiForgeryManager.SetCookie(Context);
    // ...
}
-
0
Delete this cookie field (X-XSRF-TOKEN)
Had the same issue. In my case the reason was that the X-XSRF-TOKEN field was saved in my Chrome cookies. And somehow Chrome added the header 'Access-Control-Request-Headers: x-xsrf-token' to the OPTION request. In Firefox the same page works fine, and in Chrome's incognito mode too. So I just deleted this cookie field (X-XSRF-TOKEN) and that's all.
See https://stackoverflow.com/a/43021066/1767482
-
0
Aaron, thanks for your comment. Can you elaborate on "You can check Context before calling SetCookie"?
i.e., what context am I checking for? Does AbpAntiForgeryManager.SetCookie(Context) allow me to suppress the XSRF-Token in the cookie?
-
0
You can check Context.Request.Path.Value:
if (!Context.Request.Path.Value.Contains("view where I'm making an api call via Ajax / JQuery to a third party"))
{
    AbpAntiForgeryManager.SetCookie(Context);
}
Before that, check if upgrading abp-web-resources solves it:
$ yarn upgrade abp-web-resources@^3.5.0
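The following is an added example, not written by any poster in this thread and not ABP's own code: it models why the third party's preflight refuses the X-XSRF-TOKEN header and shows a client-side guard that attaches the token to same-origin requests only. The function names, the XSRF-TOKEN cookie name and the sample URLs are assumptions made for the illustration.

```javascript
// Added illustration: names, cookie name and sample values are assumptions.
const TOKEN_COOKIE = 'XSRF-TOKEN';   // assumed anti-forgery cookie name
const TOKEN_HEADER = 'X-XSRF-TOKEN'; // header named in the preflight error
// Simplified CORS safelist: these header names never need preflight approval.
const SAFELISTED = new Set(['accept', 'accept-language', 'content-language', 'content-type']);

// Read one cookie value out of a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// True only when the request targets the page's own scheme, host and port.
function isSameOrigin(requestUrl, pageUrl) {
  return new URL(requestUrl, pageUrl).origin === new URL(pageUrl).origin;
}

// Build Ajax headers; the token is attached to same-origin requests only,
// so it is never sent to (or preflighted against) a third-party API.
function buildHeaders(requestUrl, pageUrl, cookieString) {
  const headers = { Accept: 'application/json' };
  const token = readCookie(cookieString, TOKEN_COOKIE);
  if (token && isSameOrigin(requestUrl, pageUrl)) headers[TOKEN_HEADER] = token;
  return headers;
}

// Header names a preflight would refuse: not safelisted and not listed in the
// server's Access-Control-Allow-Headers value (simplified model of the check).
function rejectedByPreflight(headers, allowHeadersValue) {
  const allowed = new Set(
    allowHeadersValue.split(',').map((h) => h.trim().toLowerCase()).filter(Boolean));
  return Object.keys(headers)
    .map((h) => h.toLowerCase())
    .filter((h) => !SAFELISTED.has(h) && !allowed.has(h));
}

// Constructed sample: a page on one origin calling a third-party geo API.
const page = 'https://app.example.test/Geo';
const cookies = 'lang=en; XSRF-TOKEN=constructed-token';
const geoApi = 'https://geo.example.test/json';
const unconditional = { Accept: 'application/json', [TOKEN_HEADER]: 'constructed-token' };
console.log(rejectedByPreflight(unconditional, 'Content-Type'));   // token header refused
console.log(rejectedByPreflight(buildHeaders(geoApi, page, cookies), 'Content-Type')); // none refused
console.log(buildHeaders('/api/own', page, cookies));              // token still sent to own origin
```

Scoping the header by origin keeps anti-forgery protection on the application's own endpoints while keeping the token value out of requests to servers the application does not control.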