From a5ab5a96289a15be34b56efaa60fabfb5ce3fa1b Mon Sep 17 00:00:00 2001
From: Eugeny Tatarincev <et@virtoway.com>
Date: Wed, 12 Feb 2020 12:02:37 +0200
Subject: [PATCH] Disable ValidateAntiForgeryToken for
 DesignerPreviewController.Block

---
 .../Controllers/DesignerPreviewController.cs                   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/VirtoCommerce.Storefront/Controllers/DesignerPreviewController.cs b/VirtoCommerce.Storefront/Controllers/DesignerPreviewController.cs
index 2d8bdec0e..1866fa41b 100644
--- a/VirtoCommerce.Storefront/Controllers/DesignerPreviewController.cs
+++ b/VirtoCommerce.Storefront/Controllers/DesignerPreviewController.cs
@@ -22,7 +22,8 @@ public IActionResult Index()
         }
 
         [HttpPost("designer-preview/block")]
-        [ValidateAntiForgeryToken]
+        //We can't use AntiForgery check here due to IFrame limitations. Browsers don't send cookies from IFrames.
+        //[ValidateAntiForgeryToken]
         public IActionResult Block([FromBody]dynamic data)
         {
             var page = new ContentPage