Safari将空白表格发布到我的服务器上 [英] Safari posting blank form to my server

问题描述

简短的问题:Safari浏览器为什么会在我的MVC3 Web应用程序上导致错误-Request.Form由于某些原因为空白?

Short question: Why does safari cause errors on my MVC3 web application - Request.Form is blank for some reason?

详细问题:每当有未捕获的异常时，我的MVC3网站都会向我发送一封电子邮件.我使用它们来快速查找和修复错误，电子邮件中包含异常，堆栈跟踪，用户的IP地址，用户代理字符串以及可能已发布的任何表单值.

Detailed question: My MVC3 website sends me an email every time there is an uncaught exception. I use these to find and fix bugs quickly, the email contains the exception, stack trace, user's IP address, user-agent string, and any form values that may have been posted.

最近，我一直注意到难以证明的错误，我想在这里发表自己的发现，希望对其他人有所帮助.

Recently I have been noticing errors that have proven hard to track down, I thought I would post my findings here in the hope they help others.

最初的症状是这些错误:System.Web.Mvc.HttpAntiForgeryException:未提供必需的防伪令牌或该令牌无效.

The original symptom was these errors: System.Web.Mvc.HttpAntiForgeryException: A required anti-forgery token was not supplied or was invalid.

我的表单的操作引发了错误，而且我无法弄清楚有人是如何使页面进入没有__RequestVerificationToken隐藏字段或其他表单字段的状态的.

My form's action was throwing the error, and I couldn't figure out how anyone was getting the page into a state where it didn't have the __RequestVerificationToken hidden field, or the other form fields.

所以我花了很长时间研究cookie以及令牌的工作原理，最终才删除了ActionResult上的[ValidateAntiForgeryToken]属性以了解它的运行方式-尽管我仍然有错误.

So I spent ages looking into cookies, and how the token works, and eventually just removed the [ValidateAntiForgeryToken] attribute on my ActionResult to see how it went - I still got errors though.

然后我注意到useragent字符串显示仅是导致问题的Safari 5.1.7.

Then I noticed that the useragent strings showed it was only Safari 5.1.7 causing the issue.

推荐答案

简短答案:不要忘了添加[HttpPost]属性！

Short Answer: Don't forget to add a [HttpPost] attribute!!!

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult PageSubmit() {

更长的答案:Safari具有一项功能，它们可以在墙壁式屏幕上显示您访问过的热门站点".在我的网站上，尽管我有多个页面，但它们都提交给同一表单操作.这使表单操作非常受欢迎"，并出现在顶部站点上.

Longer Answer: Safari has a feature where they show the "top sites" you've visited on a wall-style screen. On my site although I had multiple pages, they all submit to the same form action. This made the form action "very popular", and it appears on the top sites.

然后，人们可以单击该站点，该站点正在直接获取到我的处理页面，没有表单变量，并且会导致错误.

People can then click the site, which was doing a direct GET to my processing page, with no form variables, and causing the errors.

我添加了[HttpPost]属性，如果单击它，现在为404.

I added the [HttpPost] attribute and now it 404's if you click it.

以下是有关预览功能的一些额外信息: Safari热门网站预览可以检查服务器变量:

Here is some extra info on the preview feature: Safari Top Sites Preview it appears you can check for a server variable:

Request.ServerVariables["HTTP_X_PURPOSE"] == "preview"

还有一个可以执行的javascript检查:

and there is a javascript check you can do too:

window.navigator&&window.navigator.loadPurpose==="preview"

我希望这可以节省一些时间.

I hope this saves someone some time.

这篇关于Safari将空白表格发布到我的服务器上的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！