Base solution for your next web application
Open Closed

Bad Request - 400 Empty or invalid anti forgery header #3913

User avatar
0
reyada created

Dear all,

We have Problem in the send post ajax from DevExpress GridView into ASPzero control ,when click on New, Edit or Delete

the below error appears

Bad Request - 400 Empty or invalid anti forgery header

  1. We are using ASPzero as framework <a class="postlink" href="https://github.com/aspnetboilerplate/aspnetboilerplate/issues/2222">https://github.com/aspnetboilerplate/as ... ssues/2222</a>

settings.Name = "grdAccCategoriesPartial" settings.CallbackRouteValues = new { Controller = "Home", Action = "grdAccCategoriesPartial" } settings.SettingsEditing.AddNewRowRouteValues = new { Controller = "Home", Action = "grdAccCategoriesPartialAddNew" } settings.SettingsEditing.UpdateRowRouteValues = new { Controller = "Home", Action = "grdAccCategoriesPartialUpdate" } settings.SettingsEditing.DeleteRowRouteValues = new { Controller = "Home", Action = "grdAccCategoriesPartialDelete" } settings.KeyFieldName = "Id"

Go to accepted answer
1 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @Reyada,

    I think DevExpress does not send anti forgery token to server. You need to intercept DevExpress's ajax request and add "X-XSRF-TOKEN" token to request headers. You can get it's value using "abp.security.antiForgery.getToken()" on the client side.

    As far as I remember, this ajax interception option can be done in a single point in DevExpress. You can find it in DevExpress documents.

    Thanks.

Assignee
No one
Labels
Non yet