This is a migrated thread and some comments may be shown as answers.

Rails & Anti-forgery Tokens

3 Answers 363 Views
Tim asked on 01 Dec 2011, 01:45 AM
I'm using kendo upload with Rails, and I had to hack the kendo.upload.js source code to get a feature that didn't seem to be apparent.

Basically, we need to submit a custom anti-CSRF token with every POST.

In kendo.upload, there is the method:

function getAntiForgeryTokens() {
    var tokens = { };
    $("input[name^='__RequestVerificationToken']").each(function() {
        tokens[this.name] = this.value;
    });
 
    return tokens;
}

However, in Rails, this token is called authenticity_token. It seems like we have to do something like this:

$(thing).kendoUpload({
  // ...
  upload: function(event) {
    event.data = {
      authenticity_token: $("input[name=authenticity_token]").val()
    };
  }
});

Can we get authenticity_token added by default in the future? :)

3 Answers, 1 is accepted

0
Petyo
Telerik team
answered on 01 Dec 2011, 09:37 AM
Hello Tim,

Thanks for bringing our attention to this. We are going to include this as a built-in feature for the next release. 

Meanwhile, I think that the better way to handle this case would be to use the meta tags contents:

function appendRailsTokens(event) {
    var csrf_token = $('meta[name=csrf-token]').attr('content'),
        csrf_param = $('meta[name=csrf-param]').attr('content');
 
    if (csrf_param !== undefined && csrf_token !== undefined) {
      event.data = {};
      event.data[csrf_param] = csrf_token;
    }
}
 
$(document).ready(function() {
    $("#files").kendoUpload({
        async: { saveUrl: "..." },
        upload: appendRailsTokens
    });
});

jQuery-ujs does it this way.

All the best,
Petyo
the Telerik team
Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
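A variant of the meta-tag workaround from the answer above, as an added example that is not part of the original post or of Kendo UI's code: it merges the token into any fields already present in event.data instead of replacing them, and leaves the data untouched when the page carries no csrf-param/csrf-token meta tags. The helper names domMeta and withRailsToken and the sample field albumId are hypothetical.

```javascript
// Added example, not Kendo UI or Rails source code.

// Reads <meta name="..."> from the current page; returns undefined if absent.
function domMeta(name) {
    var el = document.querySelector('meta[name="' + name + '"]');
    return el ? el.getAttribute("content") : undefined;
}

// Returns a NEW object: the caller's existing upload fields plus the Rails
// token under whatever parameter name the page declares in csrf-param.
// readMeta is injectable so the logic can be exercised without a DOM.
function withRailsToken(existingData, readMeta) {
    readMeta = readMeta || domMeta;
    var param = readMeta("csrf-param"),
        token = readMeta("csrf-token"),
        data = {},
        key;

    // Copy own properties only, so extra fields set elsewhere survive.
    for (key in existingData || {}) {
        if (Object.prototype.hasOwnProperty.call(existingData, key)) {
            data[key] = existingData[key];
        }
    }

    // No meta tags on the page: add nothing rather than send an empty token.
    if (!param || !token) {
        return data;
    }

    // The page's current token replaces any stale value under the same name.
    data[param] = token;
    return data;
}

// Kendo Upload "upload" event handler, wired up as in the answer above:
//   $("#files").kendoUpload({ async: { saveUrl: "..." }, upload: appendRailsTokens });
function appendRailsTokens(event) {
    event.data = withRailsToken(event.data);
}
```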
0
Ryan
answered on 27 Aug 2012, 01:56 PM
Is this still the preferred way to set request headers for the upload control or has this been baked in as mentioned? Just thought I'd check since this post is from back in Dec 2011. 

-Ryan
0
T. Tsonev
Telerik team
answered on 28 Aug 2012, 01:39 PM
Hello,

The Rails anti-CSRF tokens will be sent automatically. There's no need to use this workaround any more.

Best wishes,
Tsvetomir Tsonev
the Telerik team