Hi,
I have the following code in a global.js library:
$.ajaxSetup({
// A pre-request callback function used to modify the xhr object before it is sent
beforeSend: function(xhr){
// Set csrf if request type is POST, PUT or DELETE
if (this.type !== "GET") {
xhr.setRequestHeader(csrfHeader, csrfToken);
}
}
});
This set the csrf token for any REST call that modifies data (POST, PUT, DELETE).
The problem is that the Upload widget does not use it, and the server requests are being rejected due to missing authorization (403 Response). This forces me to init. my Upload widget with the following callback:
upload: function(e) {
// Adds the csrf tokens to perform POST REST calls
const xhr = e.XMLHttpRequest;
if (xhr) {
xhr.addEventListener("readystatechange", function() {
if (xhr.readyState === 1 /* OPENED */) {
xhr.setRequestHeader(csrfHeader, csrfToken);
}
});
}
}
Please advise why this is necessary and why this is required. Does the Upload not use jQuery to execute the Ajax calls?
Thanks
Grant