HTTP Post Driving You Postal?

The other day I was looking for a way to handle a common dilemma with MVC forms and Sitecore. It goes like this: Put an “Add To Favorites” button in the page header and an email subscription form in the footer. Both do form posts. If the developer uses a common MVC form technique (reusing the action name, just decorating [HttpGet] or [HttpPost]) then both forms get submitted. Sign up for the newsletter and voila, you’ve favorited the page! Whoops. This is because the HTTP post verb is global to the page request.

I’ve worked out a fairly elegant way to handle this, curious your thoughts. The idea is we create a form token that is submitted with the form. If we hit the post action for a form that was not submitted, we return the HttpGet action instead. And of course if the token is valid, we allow the post action to process.

Here is an example implementation.

1. In the controller post actions we add a custom attribute filter named “[MultiformPostProtection]”:

================================
ExampleController.cs
================================

2. In the markup we call a custom HtmlHelper “@Html.MultiformPostProtection()” that renders the appropriate form token (based on MVC action name) as a hidden input field.
================================
FormA.cshtml
================================
================================
FormB.cshtml
================================

And that’s it, magical!

If you use this for every form component, they can all co-exist on the same page and not conflict with each other. And of course, the code to make it all happen; you’ll need this somewhere in your solution:
================================
MultiformPostProtectionExtension.cs
================================


UPDATE: 

Since posting this solution I have learned of earlier posted solutions to this issue: Click Here

Sitecore Habitat also has a helper method Html.AddUniqueFormId(): Click Here

Thanks to the community for being so active and helpful!

Contact_US_CTA

About Author

JamesGregory
James is an NIU grad with a major in computer science, theoretical emphasis, and math minor. He's been developing websites since 2001. After gaining experience designing custom platforms, e-commerce, and automation solutions James joined AmericanEagle.com in 2013, focusing on Sitecore. Twice awarded Sitecore MVP and two time winner of the annual Sitecore Hackathon he continues to help clients get the most out of their technology. When not tinkering with tech, James enjoys disc golf and a good strategy table top game with friends.


Featured Posts