From 7c817b1f255564b6055efb9c1a2af2a33c1596cc Mon Sep 17 00:00:00 2001
From: Alex Shleymovich <139210761+cx-alex-shleymovich@users.noreply.github.com>
Date: Thu, 4 Jun 2026 16:41:07 +0300
Subject: [PATCH] Handle AntiforgeryValidationException to return 400 instead of 500
---
 ...utoValidateAntiforgeryTokenAuthorizationFilter.cs | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/SimplCommerce.Infrastructure/Web/CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter.cs b/src/SimplCommerce.Infrastructure/Web/CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter.cs
index 64700292d7..3cf3f99b70 100644
--- a/src/SimplCommerce.Infrastructure/Web/CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter.cs
+++ b/src/SimplCommerce.Infrastructure/Web/CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter.cs
@@ -1,6 +1,7 @@
-using System.Threading.Tasks;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Antiforgery;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
 namespace SimplCommerce.Infrastructure.Web
@@ -28,7 +29,14 @@ public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
 return;
 }
- await antiforgery.ValidateRequestAsync(httpContext);
+ try
+ {
+ await antiforgery.ValidateRequestAsync(httpContext);
+ }
+ catch (AntiforgeryValidationException)
+ {
+ context.Result = new AntiforgeryValidationFailedResult();
+ }
 }
 }
 }
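Review bot: The new `catch (AntiforgeryValidationException)` block in `OnAuthorizationAsync` discards the exception without logging it, so a rejected antiforgery token no longer leaves any server-side trace. Before this change the failure surfaced as an unhandled 500. Repeated CSRF validation failures are a useful detection signal, so the catch should bind the exception and record it, e.g. `catch (AntiforgeryValidationException ex)` followed by `logger.LogInformation(ex, "Antiforgery token validation failed: {Message}", ex.Message);` before setting `context.Result`. No logger is visible in this hunk and the method body starts outside it, so the logger would presumably have to be obtained the same way `antiforgery` is. It is also worth a one-line comment above the `try` stating that the 400 mirrors what the framework's own antiforgery filter returns, so the swallow reads as deliberate.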