@using (Html.BeginForm("Create", "Posts", FormMethod.Post, new { id = "publish" }))
{
@Html.AntiForgeryToken("Posts/Create")
<input type="text" id="url" name="url" />
<input type="submit" value="@Html.Resource("Publish")" />
}
[HttpPost]
[ValidateAntiForgeryToken]
public JsonResult Create(string url)
{
// stuff that's never reached
}
I can't realize what's making this simple form fail on validating the CSRF token. How can I debug this?
Update
If I remove the Salt, it works; the strange thing is it used to work with the Salt, and I can't figure out why it doesn't anymore.
If you want to use a salt you have to pass it to the ValidateAntiForgeryToken
filter too:
[HttpPost]
[ValidateAntiForgeryToken(Salt = "Posts/Create")]
public JsonResult Create(string url)
{
...