jqueryasp.net-mvccsrf-protectionantiforgerytoken
__RequestVerificationToken is not present with Ajax POST
I'm using jQuery DataTales to request a POST URL from MVC5 and trying to add an anti-forgery token. I've added it to both the headers and also the request body, but still get a 500 error: "The required anti-forgery form field "__RequestVerificationToken" is not present."
The form:
<form id="my-units-form" action="@Url.Action("MyUnitsResults", "Provider")" class="form-horizontal criteria well well-sm">
@Html.AntiForgeryToken()
....
The JavaScript:
$userDt = $('#users-table')
.DataTable({
serverSide: true,
ordering: false,
searching: true,
ajax: {
"url": url,
"type": "POST",
'contentType': 'application/json',
"dataType": "json",
headers: { '__RequestVerificationToken': $('form input[name=__RequestVerificationToken]').val() },
data: function (d) {
d.__RequestVerificationToken= $('form input[name=__RequestVerificationToken]').val();
return JSON.stringify(d);
}
},
Solution
If your stringifying the data and using contentType: 'application/json, then add the token to the ajax headers only (it will not be read from the body).
You then you need to create a custom FilterAttribute to read the value from the headers
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false, Inherited = true)]
public sealed class ValidateHeaderAntiForgeryTokenAttribute : FilterAttribute, IAuthorizationFilter
{
public void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
var httpContext = filterContext.HttpContext;
var cookie = httpContext.Request.Cookies[AntiForgeryConfig.CookieName];
AntiForgery.Validate(cookie != null ? cookie.Value : null, httpContext.Request.Headers["__RequestVerificationToken"]);
}
}
and in your controller method, replace the [ValidateAntiForgeryToken] attribute with [ValidateHeaderAntiForgeryToken]
- Keep numbers which appear in both columns, in J lang
- Differentiation in J
- How to reshape an array with an arbitrary size in one dimension?
- Why is Insert (fold) right associative
- Write 4 : 'x&{.&.;: y' tacitly
- Alignment issue when printing formatted prime numbers in J language
- How can I define a verb in J that applies a different verb alternately to each atom in a list?
- How to get user input in the J programming language
- How to unbox a list of boxed lists of differing lengths in J?
- How can I fix 'noun result was required' error in J?
- In j, how can I define a verb locally in one scope and pass it to a defined adverb?
- Convert boxed array to normal array?
- Read column of CSV file as array
- Replace atom in array of strings
- What does the dyad `=` do to boxed strings?
- Index of minimum element using J
- How can I take the outer product of string vectors in J?
- Building an array of verbs in J
- Reading in multidigit command line parameter
- Amend with bond to new data shows unexpected behaviour
- How to turn a table or matrix into a (flat) list in J
- How to run dissect in J?
- How to define selection using index function in J
- How to exit the J console?
- Find 4-neighbors using J
- Writing custom verbs in J
- How do I negate a selector in J lang?
- How to use arbitrary selector in interchange in J lang?
- different result once square root is added inside tacit
- Sum of arrays with repeated indices