We're getting a request forgery exception when we try to update many of our commerce entities through the CMS back-end:
[InvalidOperationException: This request has probably been tampered with. Close the browser and try again.] EPiServer.Framework.Web.AspNetAntiForgery.ThrowForgeryException() +369 EPiServer.Shell.Services.Rest.RestHttpHandler.ValidateAntiForgeryToken(HttpContextBase httpContext) +357 EPiServer.Shell.Services.Rest.RestHttpHandler.GetController(HttpContextBase httpContext) +108 EPiServer.Shell.Services.Rest.RestHttpHandler.BeginProcessRequest(HttpContextBase context, AsyncCallback callback, Object extraData) +25 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +923 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +157
This occurs when any of the property values are changed, which prevents us from updating the relevant products and categories.
The symptoms are the same as outlined here:
Except we're not using secure cookies.
Any idea what could be causing this?
Found the cause for this, I hope it helps someone.
In our case, the episerver framework basepath was set to an inaccessible network share path. This normally, from past experience, results in errors on startup. In this case, the app worked fine, other than these cross site scripting validation errors. Weird.