Aug 09, 2015, 4:30 AM
[CLOSED] XSRF AntiForgeryToken with AjaxProxy
We are using a Store (for a GridPanel) which is loaded using an AjaxProxy.
However, [ValidateAntiForgeryToken] is not supported.
This web-page provides a method to add the AntiForgeryToken checking for JSON requests. We have successfully added the new class and applied the [ValidateJsonAntiForgeryTokenAttribute] to our controller. We have also added additional fields to the header of the RESTPROXY.
Question: Can we use Html.X().AntiForgeryField() to provide the value of input["__RequestVerificationToken"] to the new field we have added to the AJAX header?
However, [ValidateAntiForgeryToken] is not supported.
This web-page provides a method to add the AntiForgeryToken checking for JSON requests. We have successfully added the new class and applied the [ValidateJsonAntiForgeryTokenAttribute] to our controller. We have also added additional fields to the header of the RESTPROXY.
Question: Can we use Html.X().AntiForgeryField() to provide the value of input["__RequestVerificationToken"] to the new field we have added to the AJAX header?
.Store(
Html.X().StoreForModel().Control(s =>
{
s.AutoSync = true;
s.Proxy.Add(
new RestProxy
{
AppendAction = false,
@*ActionMethods = { Read = Ext.Net.HttpMethod.POST, Create = Ext.Net.HttpMethod.POST },*@
Reader = {
new JsonReader {
RootProperty = "data",
MessageProperty = "message"
}
},
API =
{
Read = Url.Action("Read"),
Update = Url.Action("Update"),
Create = Url.Action("Create"),
Destroy = Url.Action("Destroy")
},
Writer = {
new JsonWriter
{
AllowSingle = true
}
},
Headers = {
new Ext.Net.Parameter("__RequestVerificationToken", Html.X().AntiForgeryField())
}
}
);
s.Listeners.Write.Fn = "onWrite";
s.Listeners.Write.Delay = 1;
})
)
Last edited by Daniil; Aug 12, 2015 at 11:17 AM.
Reason: [CLOSED]