所需的防伪令牌未提供或无效 - 仅限Safari [英] A required anti-forgery token was not supplied or was invalid -- Safari only
问题描述
我有一个asp.net mvc 2项目与典型的xss保护
I have an asp.net mvc 2 project with the typical xss protection
<%= Html.AntiForgeryToken
<%=Html.AntiForgeryToken() %>
inside each form and [ValidateAntiForgeryToken]
on each Post action.
但我在Safari(v 5.1.7)中收到以下错误。
But I get the following error in Safari (v 5.1.7).
System.Web.Mvc.HttpAntiForgeryException:所需的防伪造币
凭证未提供或无效。
System.Web.Mvc.HttpAntiForgeryException: A required anti-forgery token was not supplied or was invalid.
我看到异常的原因是创建的 RequestValidationToken
cookie的过期日期不正确 Mon,01 2001年1月
,而在其他浏览器中正确设置为 Session
。
I see the reason for the exception is the RequestValidationToken
cookie that is created has an incorrect expiration date of Mon, 01 Jan 2001
, while in the other browsers is is correctly set to Session
.
如何让Safari停止为我的反伪造Cookie指定伪造的到期日期?
推荐答案
我解决了这个问题,从IIS中的认证提供程序列表中删除negotiate。
I resolved this problem by removing 'negotiate' from the list of authentication providers in IIS.
与safari的此问题类似:
Similar to this issue with safari:
Windows 7中的Safari 5.x的Windows身份验证问题
这篇关于所需的防伪令牌未提供或无效 - 仅限Safari的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!