diff --git a/src/OrchardCore/OrchardCore.Mvc.Core/Startup.cs b/src/OrchardCore/OrchardCore.Mvc.Core/Startup.cs
index 590757d77ae..c4aef83ef1b 100644
--- a/src/OrchardCore/OrchardCore.Mvc.Core/Startup.cs
+++ b/src/OrchardCore/OrchardCore.Mvc.Core/Startup.cs
@@ -38,7 +38,9 @@ public override void ConfigureServices(IServiceCollection services)
             var builder = services.AddMvc(options =>
             {
                 // Forcing AntiForgery Token Validation on by default, it's only in Razor Pages by default
-                options.Filters.Add(typeof(AutoValidateAntiforgeryTokenAttribute), 1000);
+                // Load this filter after the MediaSizeFilterLimitAttribute, but before the
+                // IgnoreAntiforgeryTokenAttribute. refer : https://github.com/aspnet/AspNetCore/issues/10384
+                options.Filters.Add(typeof(AutoValidateAntiforgeryTokenAttribute), 999);
 
                 // Custom model binder to testing purpose
                 options.ModelBinderProviders.Insert(0, new CheckMarkModelBinderProvider());