Menu
I need to pass CSRFToken with Ajax based post request but not sure how this can done in a best way. Using a platform which internally checking CSRFToken in request (POST request only)
initially I was thinking to add it to header like
$(function() { $.ajaxSetup({ headers : { 'CSRFToken' : getCSRFTokenValue() } }); }); Which will make it available to each Ajax request, but it will not work for my case, since in request CSRFToken is still coming as null.
Is there any way I can set CSRFToken for all Ajax call dealing with POST type
Edit If I do something like this in my Ajax call
data: {"newsletter-subscription-email" : "XXX" , 'CSRFToken': getCSRFTokenValue()}, Everything is working fine.
My Issue is, I want to pass CSRFToken value as a request parameter and not as a request header
537
A CSRF attack can either leverage a GET request or a POST request (though a POST request is more complicated and is thus uncommon). Either one needs to start with an attacker tricking a victim into loading or submitting the information to a web application.
How about this,
$("body").bind("ajaxSend", function(elm, xhr, s){ if (s.type == "POST") { xhr.setRequestHeader('X-CSRF-Token', getCSRFTokenValue()); } }); Ref: http://erlend.oftedal.no/blog/?blogid=118
To pass CSRF as parameter,
$.ajax({ type: "POST", url: "file", data: { CSRF: getCSRFTokenValue()} }) .done(function( msg ) { alert( "Data: " + msg ); }); If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
