Browser Error: No Anti-Cross Site Request Forgery cookie found in request
K2 has protection mechanisms for Cross Site Request Forgery. Under some conditions, you may receive an error in Internet Explorer.
The following error may occur when using Internet Explorer version 11.0.9600.xxxxx. The error is rare but you may encounter it when working with K2 forms in SharePoint.
This error occurs when a form makes a request and the Anti-Cross Site Request Forgery cookie is missing. The request is blocked by the Cross-Site Request Forgery protection mechanism. You may also see this error when you have a form open, you manually clear your browser cache, and then you click a button or perform an action on the form without first refreshing it. Doing this in any browser also causes this error.
To resolve the error, try one or more of the following actions:
- Refresh the browser
- Restart the browser after clearing your cache
- Try using a different browser, such as Google Chrome. If that doesn't resolve the error, contact K2 Support.
Although not recommended due to the added security risk, you can temporarily disable the Anti-XSRF mechanism. Disable the Anti-XSRF mechanism by adding the following configuration in the appSettings node of the SmartForms Runtime web.config file:
<add key="AntiXSRF.Enabled" value="false" />
There is a similar error that is not related to the error above, specifically: No Anti-Cross Site Request Forgery token found in request
The missing token error indicates one of the following conditions:
- You have a custom control on the form that is under development or missing code
- Your server is under attack from a malicious site
See the K2 User Guide for information on Implementing CSRF validation for Custom Controls.