XSRF AntiForgery Validation

[taseaford]

We're running into a strange situation where PUT requests are erroring out due to AntiforgeryValidationException.

We appear to be getting these exceptions no matter where the request comes from: postman, angular front end (not entirely surprising; we probably just don't have the UI configured right. My main concern is with the others), and swagger all consistently produce them. The strange thing is that POST endpoints are unaffected and the PUT endpoints that are affected are all ABP modules. We are just starting with this product so we don't yet have any custom controllers in place.

My understanding based on this is that non-browser clients such as postman are supposed to be unaffected by ABP's xsrf validation. But when we add

Configure<AbpAntiForgeryOptions>(options =>
{
    options.AutoValidate = false;
});

the endpoints start working. So it would seem that something within the AutoValidation is causing the hiccup. Does anyone have a suggestion as to how I can move past this?

ABP: 4.2.0
.NET: 5.0

[aelhadi]

Hello,
Take a look to #7620 maybe it can help.

[taseaford]

I saw that, but I wasn't sure how it fixed the problem. options.AutoValidateIgnoredHttpMethods.Add("POST"); just ignores POST right? As I understand it, it's not actually fixing anything it's just removing the validation. Basically a less drastic version of options.AutoValidate = false;. We will still want validation on those endpoints, just not for non-browser clients.