ajax - Enable Antiforgery Token with ASP.NET Core and JQuery
I am using jQuery with ASP.NET Core 1.0.1 and I have this Ajax call:

    // Serialize the form to JSON and POST it to the API
    $("#send-question").on("submit", function (event) { // id of the form shown below
      event.preventDefault();
      var $form = $(this);
      $.ajax({
        url: "api/messages",
        data: JSON.stringify($form.serializeToJSON()),
        dataType: "json",
        headers: {
          Accept: "application/json",
          "Content-Type": "application/json"
        },
        type: "POST"
      })
        .done(function (data, status, xhr) { })
        .fail(function (xhr, status, error) { });
    });
to this ASP.NET Core action:

    [HttpPost("messages")]
    public async Task<IActionResult> Post([FromBody]MessagePostApiModelModel model) {
      // send message
    }
The form is in a shared view and is the following:

    <form id="send-question" method="post">
      <textarea name="content"></textarea>
      <button class="button" type="submit">enviar</button>
    </form>
When I submit the form I get the error:

    Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery header value "RequestVerificationToken" is not present.

How can I enable ASP.NET Core's antiforgery token with jQuery Ajax calls?
Update

I need to add the following asp-controller and asp-action to the form:

    <form asp-controller="questionapi" asp-action="post" id="send-question" method="post">
    </form>

This generates the antiforgery token. I then needed to manually add the token to the headers of the jQuery call as follows:

    headers: {
      "Accept": "application/json",
      "Content-Type": "application/json",
      "RequestVerificationToken": $form.find("input[name='af_token']").val()
    },
Is there a better way to do this?

How do I solve this when there is no form and I have only a tag that, when clicked, makes the Ajax call? Can I generate a common antiforgery token in the page head to be used by all Ajax calls from that page?
mode777's answer needs a small addition to make it work (I tried it):

    // $form must reference the form that contains the token input
    $(document).ajaxSend(function (e, xhr, options) {
      if (options.type.toUpperCase() == "POST") {
        var token = $form.find("input[name='af_token']").val();
        xhr.setRequestHeader("RequestVerificationToken", token);
      }
    });
Actually, if you submit using Ajax, you don't need to use a form at all. Put this in your _Layout:

    <span class="antiforge"> @Html.AntiForgeryToken() </span>

Then pick up the token by adding this JavaScript:

    // Add the token header to every POST sent through jQuery
    $(document)
      .ajaxSend(function (event, jqXHR, settings) {
        if (settings.type.toUpperCase() != "POST") return;
        jqXHR.setRequestHeader('RequestVerificationToken', $(".antiforge" + " input").val());
      });
The @Html.AntiForgeryToken generates a hidden input field with the antiforgery token, the same as when using a form. The code above finds it by using the class selector to select the span, then gets the input field inside it to collect the token and add it as a header.
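
Added example, not part of the question or of either answer above: a variant of the global ajaxSend hook that attaches the token to every state-changing method (not only POST) and only when the request goes to the page's own origin, so the token is never disclosed to another host. The function names needsToken and tokenHeaderFor are hypothetical; the header name and the .antiforge selector are the ones used on this page.

```javascript
// Header name taken from the error message quoted in the question.
var HEADER_NAME = "RequestVerificationToken";
// Methods that do not change state and therefore carry no token.
var SAFE_METHODS = ["GET", "HEAD", "OPTIONS", "TRACE"];

// True when the request changes state AND targets the same origin as the page.
function needsToken(method, url, pageUrl) {
  var verb = String(method || "GET").toUpperCase();
  if (SAFE_METHODS.indexOf(verb) !== -1) return false;
  var target;
  try {
    target = new URL(url, pageUrl); // resolves relative URLs such as "api/messages"
  } catch (e) {
    return false; // unparsable URL: do not disclose the token
  }
  return target.origin === new URL(pageUrl).origin;
}

// Extra headers for one request: {} or { RequestVerificationToken: token }.
function tokenHeaderFor(method, url, pageUrl, token) {
  var headers = {};
  if (token && needsToken(method, url, pageUrl)) headers[HEADER_NAME] = token;
  return headers;
}

// Browser wiring; skipped when jQuery is not loaded (for example under Node).
if (typeof jQuery !== "undefined") {
  jQuery(document).ajaxSend(function (event, jqXHR, settings) {
    // Hidden input rendered by @Html.AntiForgeryToken() inside span.antiforge
    var token = jQuery(".antiforge input").val();
    var extra = tokenHeaderFor(settings.type, settings.url, window.location.href, token);
    Object.keys(extra).forEach(function (name) {
      jqXHR.setRequestHeader(name, extra[name]);
    });
  });
}
```
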