I'm using kendo upload with Rails, and I had to hack the kendo.upload.js source code to get a feature that didn't seem to be apparent.
Basically, we need to submit a custom anti-CSRF token with every POST.
In kendo.upload, there is the method:
However, in Rails, this token is called authenticity_token. It seems like we have to do something like this:
Can we get authenticity_token added by default in the future? :)
Basically, we need to submit a custom anti-CSRF token with every POST.
In kendo.upload, there is the method:
function getAntiForgeryTokens() { var tokens = { }; $("input[name^='__RequestVerificationToken']").each(function() { tokens[this.name] = this.value; }); return tokens;}However, in Rails, this token is called authenticity_token. It seems like we have to do something like this:
$(thing).kendoUpload({ // ... upload: function(event) { event.data = { authenticity_token: $("input[name=authenticity_token]").val() }; }});Can we get authenticity_token added by default in the future? :)
3 Answers, 1 is accepted
0
Hello Tim,
Thanks for bringing our attention to this. We are going to include this as a built-in feature for the next release.
Meanwhile, I think that the better way to handle this case would be to use the meta tags contents:
jQuery-ujs does it this way.
All the best,
Petyo
the Telerik team
Thanks for bringing our attention to this. We are going to include this as a built-in feature for the next release.
Meanwhile, I think that the better way to handle this case would be to use the meta tags contents:
function appendRailsTokens(event) { var csrf_token = $('meta[name=csrf-token]').attr('content'), csrf_param = $('meta[name=csrf-param]').attr('content'); if (csrf_param !== undefined && csrf_token !== undefined) { event.data = {}; event.data[csrf_param] = csrf_token; }}$(document).ready(function() { $("#files").kendoUpload({
async: {saveUrl: "..."},
upload: appendRailsTokens
}
);
});jQuery-ujs does it this way.
All the best,
Petyo
the Telerik team
Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
0
Ryan
Top achievements
Rank 1
Rank 1
answered on 27 Aug 2012, 01:56 PM
Is this still the preferred way to set request headers for the upload control or has this been baked in as mentioned? Just thought I'd check since this post is from back in Dec 2011.
-Ryan
-Ryan
0
Hello,
The Rails anti-CSRF tokens will be sent automatically. There's no need to use this workaround any more.
Best wishes,
Tsvetomir Tsonev
the Telerik team
The Rails anti-CSRF tokens will be sent automatically. There's no need to use this workaround any more.
Best wishes,
Tsvetomir Tsonev
the Telerik team
Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!