Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I add a custom HTTP Request Header to a Thymeleaf generated Form or Link?

We are using JWT authentication in a Spring Boot application. In order to protect against CSRF attacks we want to send the token back to the server in a custom HTTP header instead of a cookie.

Is there a way to get Thymeleaf to use XMLHttpRequest for the links in generates? We do not want to troll through the templates replacing all th:href anchors with javascript onclick handlers.

like image 377
Mark Miller Avatar asked Nov 02 '16 15:11

Mark Miller


People also ask

How do you add a header to Thymeleaf?

The first part of the statement, fragments/header , is a template name that we are referencing. This can be a file (like in this example) or it can reference to the same file either by using the this keyword (e.g. this :: header ) or without any keyword (e.g. :: header ).

Can I add custom header to HTTP request?

In the Home pane, double-click HTTP Response Headers. In the HTTP Response Headers pane, click Add... in the Actions pane. In the Add Custom HTTP Response Header dialog box, set the name and value for your custom header, and then click OK.

How do I add a header to an HTTP response?

Select the web site where you want to add the custom HTTP response header. In the web site pane, double-click HTTP Response Headers in the IIS section. In the actions pane, select Add. In the Name box, type the custom HTTP header name.

Which is the correct syntax to add HTTP headers to the request?

HTTP headers let the client and the server pass additional information with an HTTP request or response. An HTTP header consists of its case-insensitive name followed by a colon ( : ), then by its value.


1 Answers

short answer: no!

long answer: the question is invalid to be honest. Thymeleaf is just a library to generate HTML/XML. XMLHttpRequest which is also known as AJAX (*) is only used via javascript.

Furthermore it is impossible to send custom headers with form post without javascript. So you need to write some javascript to add custom headers along with your form. This custom javascript should be written by you Thymeleaf has no mechanism to automate it.

* For future comments: I know this is not precise, don't be pedantic ;)


you can add your token to the page like this [see meta tag]:

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
      xmlns:layout="http://www.w3.org/1999/xhtml"
      layout:decorator="Layout">
    <head>
        <title>Example</title>

        <meta name="_jwt" th:content="${yourToken}"/>
    </head>
    ...

then in all ajax request you can read those meta values and add as custom headers.

For example if you are using jQuery you can globally configure all jQuery ajax requests as follows:

$(function(){
    var _token = $('meta[name="_jwt"]').attr('content');

    $.ajaxPrefilter(function (options, originalOptions, jqXHR) {
        jqXHR.setRequestHeader("your_jwt_token_header_name", _token);
    });
});
like image 168
destan Avatar answered Sep 30 '22 07:09

destan