Thursday, 28 January 2016

Submitting a form works in some instances, but returns error 403 in other instances

I have an MVC3 application which makes use of an ajaxSubmit to a controller action. The <form> opening tag in my page appears like this:

<form action="/application/home/Save?Length=0" class="form-horizontal" data-ajax="true" data-ajax-method="POST" data-ajax-mode="after" data-ajax-update="#jsonResult" enctype="multipart/form-data" id="inputForm" method="post" role="form">

If I submit this form from within the network that the server is based in, the post request will always work. But if I submit the form externally, on occasion I get this generic error:

403 Forbidden: You don't have permission to access /application/home/Save on this server.

The above error doesn't always occur, only in particular instances.

Upon analysing the request headers, the only difference I see is Content-Length:

They have the following: [image not available]

The only other difference that I think could be the cause of this issue is in one of the fields in the request payload.

Now one of the fields I pass to the server is in a special code that has tildes and caret symbols. Here is an example:

------WebKitFormBoundaryvvviIpe8b82tAvOd
Content-Disposition: form-data; name="udfArray"

["1~d^testfield~d^R"]

Whenever the form submit fails, it happens to have the above form data. When it succeeds, the field is set to []

The trouble is, I don't understand why having the code set to ["1~d^testfield~d^R"] should be an issue if it works within the network.

If anyone could point me in the right direction for making this work externally that would be great.

Here is my submit code:

        //options for submit action
        var options = {
            data: {
                udfArray: ko.toJSON(self.TempArray()),
                title: self.title(),
                given_name: self.givenName(),
                //... other fields
            },
            uploadProgress: function () {
            },
            dataType: "json",
            success: function (result) {
                //do something
            }
        };

        $('#inputForm').ajaxForm();
        $('#inputForm').unbind('submit').submit(function () {

            $('#loadingDiv').show();
            $(this).ajaxSubmit(options);
            return false;
        });
