Anti-forgery errors are found in the Sitecore Identity server logs every 5 minutes

  • Anti-forgery errors may occur in the Application Insights approximately every 5 minutes. The issue happens due to the Always On setting on the Azure Web Site. Every 5 minutes Azure pings the Sitecore Identity server URL with an HTTP request. However, the current Azure implementation does not support the ability to change the request to HTTPS or change the default ping route. Even though the request finishes with an error, it successfully completes its purpose to keep the application alive. The following messages can be found in the log:

    System.InvalidOperationException: The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, but the current request is not an SSL request.
       at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.CheckSSLConfig(HttpContext context)
       at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.GetAndStoreTokens(HttpContext httpContext)
       at Microsoft.AspNetCore.Mvc.ViewFeatures.AntiforgeryExtensions.GetHtml(IAntiforgery antiforgery, HttpContext httpContext)
  • To resolve the issue, download and install the hotfix compatible with Sitecore XP 9.2 Initial release: SC Hotfix 379244-1 Sitecore.IdentityServer 3.0.0.zip.

    Be aware that the hotfix was built for a specific Sitecore XP version, and must not be installed on other Sitecore XP versions or in combination with other hotfixes. In case any other hotfixes have already been installed on certain Sitecore XP instance, send a request for a compatibility check to Sitecore Support.
    Note that the ZIP file contents need to be extracted to locate installation instructions and related files inside. The hotfixes must be installed on a CM instance and then synced with other instances using standard development practices.

Applies to:

CMS 9.2 Initial Release+

January 28, 2020
January 28, 2020

Reference number:

354521