I have an asp.net mvc 2 project with the typical xss protection <%=Html.AntiForgeryToken() %> inside each form and [ValidateAntiForgeryToken] on each Post action.
This works as expected in Chrome, Firefox and IE.
But I get the following error in Safari (v 5.1.7).
System.Web.Mvc.HttpAntiForgeryException: A required anti-forgery token was not supplied or was invalid.
I see the reason for the exception is the RequestValidationToken cookie that is created has an incorrect expiration date of Mon, 01 Jan 2001, while in the other browsers it is correctly set to Session.
How can I make Safari stop assigning a bogus expiration date to my Anti-Forgery cookie?
I resolved this problem by removing 'negotiate' from the list of authentication providers in IIS.
Similar to this issue with Safari:
Windows Authentication issue with Safari 5.x in Windows 7
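For reference, an added configuration sketch (not from the answer above) of where the Windows Authentication provider list lives in IIS 7 and later and what it looks like with Negotiate removed. The site name is a placeholder, and keeping NTLM as the only remaining provider is an assumption, since the answer does not say which providers were left. Without Negotiate the site no longer offers Kerberos, so every Windows-authenticated client falls back to NTLM.

```xml
<!-- applicationHost.config (%windir%\System32\inetsrv\config) -->
<!-- "Example Site" is a placeholder site name, not taken from the post -->
<location path="Example Site">
  <system.webServer>
    <security>
      <authentication>
        <windowsAuthentication enabled="true">
          <providers>
            <!-- drop the inherited provider list (IIS default: Negotiate, NTLM) -->
            <clear />
            <!-- assumption: NTLM stays; Negotiate (Kerberos) is no longer offered -->
            <add value="NTLM" />
          </providers>
        </windowsAuthentication>
      </authentication>
    </security>
  </system.webServer>
</location>
```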