I did not see any solutions in the forums for sending the Anti-Forgery token as a header (instead of JSON data) in an MVC server control (grid) datasource.
The page has no form but that is OK.
My solution works but I don't know if it is optimal.
The ajaxSetup affects all jQuery Ajax and Posts, and that is what Kendo is doing, so it gets a chance to locate the <input> value inserted by Html.AntiForgeryToken() and add it as a request header for the Ajax call.
It would be nice if the DataSource had a Headers() extension, like it does for Data(), to do this.
Gary Davis
<%: Html.AntiForgeryToken() %>
<script type="text/javascript">
$(function () {
    // For the Kendo Ajax call for paging, etc.
    $.ajaxSetup({
        // See: ValidateAntiForgeryTokenOnAllPostsAttribute
        "beforeSend": function (xhr) {
            // Affects all Ajax & Posts
            var securityToken = $("[name=__RequestVerificationToken]").val();
            xhr.setRequestHeader("__RequestVerificationToken", securityToken);
        }
    });
});
</script>
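A narrower variant of the approach above, as an added example that is not part of the original post: it attaches the header only to same-origin, non-GET requests, so the token is never sent to another host by an unrelated jQuery call on the page. The helper names `shouldAttachToken` and `antiForgeryHeaders` are assumptions made for this example.

```javascript
// Added example (not from the original post).
var TOKEN_NAME = "__RequestVerificationToken"; // field/header name used in the post

// Methods that do not change state and so do not need the token.
var SAFE_METHODS = ["GET", "HEAD", "OPTIONS", "TRACE"];

// True only for state-changing requests whose target has the page's own origin.
function shouldAttachToken(method, url, pageUrl) {
    var verb = String(method || "GET").toUpperCase();
    if (SAFE_METHODS.indexOf(verb) !== -1) return false;
    try {
        // Relative and protocol-relative URLs are resolved against the page URL.
        return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
    } catch (e) {
        return false; // unparseable URL: do not send the token
    }
}

// Header map for one request; empty when the token must not be sent.
function antiForgeryHeaders(method, url, pageUrl, token) {
    var headers = {};
    if (token && shouldAttachToken(method, url, pageUrl)) {
        headers[TOKEN_NAME] = token;
    }
    return headers;
}

// Browser wiring: a prefilter runs for every jQuery Ajax call, Kendo's included.
if (typeof window !== "undefined" && window.jQuery) {
    window.jQuery.ajaxPrefilter(function (options, originalOptions, jqXHR) {
        var token = window.jQuery("[name=" + TOKEN_NAME + "]").val();
        var headers = antiForgeryHeaders(options.type, options.url,
                                         window.location.href, token);
        Object.keys(headers).forEach(function (name) {
            jqXHR.setRequestHeader(name, headers[name]);
        });
    });
}
```
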