HttpAntiForgeryException occurred on an endpoint

When Open Access dashboards or tiles are embedded in other pages, such as SharePoint, you may see an error where the tiles do not load.

You may see the following error on the embedded Open Access dashboard or tile:

An unknown error occurred attempting to load this content.

And in the SquaredUp log:

[ERR] HttpAntiForgeryException occurred on endpoint: /ext-scomcore-scom/objects

This means that the browser is stripping cookies, specifically the RequestVerificationToken, when requesting data while loading Open Access, the server hosting the Open Access dashboard rejects the request and the tiles on the Open Access dashboard fail to load.

If the dashboard or site is not showing at all see Why isn't my site showing? Troubleshooting embedded websites

Edit the web.config

  1. Find the web.config file located in the SquaredUp DS folder.

    Create a backup of the web.config file by copy and pasting the file to a different location.

  2. Find the following line in the web.config:
    <httpCookies httpOnlyCookies="true" />
    Change it to:
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
    Or if you want to host SquaredUp within another domain, you need to do this instead:
    <httpCookies httpOnlyCookies="true" sameSite="None" requireSSL="true" />
  3. In IIS restart the SquaredUp application pool.

If you are using Iframe embed code you can use the following:

<iframe
src="OpenAccess URL"
width="100%"
height="1000px"
frameborder="0"
scrolling="no"
sandbox="allow-scripts allow-forms allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-top-navigation-by-user-activation">
</iframe>

The code above contains optional settings such as "width" which can be removed if not needed, however it's advised to keep the "sandbox" option which also contributes to this working.

Was this article helpful?

Have more questions or facing an issue?
Submit a ticket