Hi,
I have the following code in a global.js library:
$.ajaxSetup({ // A pre-request callback function used to modify the xhr object before it is sent beforeSend: function(xhr){ // Set csrf if request type is POST, PUT or DELETE if (this.type !== "GET") { xhr.setRequestHeader(csrfHeader, csrfToken); } }});This set the csrf token for any REST call that modifies data (POST, PUT, DELETE).
The problem is that the Upload widget does not use it, and the server requests are being rejected due to missing authorization (403 Response). This forces me to init. my Upload widget with the following callback:
upload: function(e) { // Adds the csrf tokens to perform POST REST calls const xhr = e.XMLHttpRequest; if (xhr) { xhr.addEventListener("readystatechange", function() { if (xhr.readyState === 1 /* OPENED */) { xhr.setRequestHeader(csrfHeader, csrfToken); } }); }}
Please advise why this is necessary and why this is required. Does the Upload not use jQuery to execute the Ajax calls?
Thanks
Grant
2 Answers, 1 is accepted
Rank 3
Iron
Iron
Veteran
Hello Grant,
The Upload widget does not submit the files to the server with an AJAX request. Instead, it creates a form, placed on an iframe. Using that form it posts a FormData request to the server. That is why the ajaxSetup configuration would not affect the upload action of the widget.
Regards,
Veselin Tsvetanov
Progress Telerik