AntiforgeryValidationException log message severity

[SharePointRadi]

Summary

AntiforgeryValidationException log messages are Debug level.

We have an expected behavior of anti-forgery validation errors that come up after cookie expiration. It was very hard to figure it out in a Production environment. File uploading was failing at some point in time (something expires, doesn't matter what), while in dev setups it always works because the expiry times aren't reached.

My suggestion it to reconsider the log level severity. Maybe Information or Warning level.

Motivation and goals

Anti-forgery is also a security concern, so I somewhat feel that Debug level is too low. If it was information level, we would see it much quicker in a production setup, where increasing logs to Debug level is leaning towards a last resort.

No AI model could solve the issue that we had.

[javiercn]

Thanks for contacting us @SharePointRadi.

You can turn configure the antiforgery scope to Debug level specifically if you want/need to. I don't think an Antiforgery failure deserves a warning. It's an expected situation that can happen if the cookie expires or multiple requests happen concurrently and both responses generate a token in parallel.