admin管理员组

文章数量:1313972

according to the docs, I should be able to include the CSRF tokens in the header, grab them with jquery, and include them in the headers of my ajax calls.

Unfortunately, including 

<html class='default' xmlns="" xmlns:th="">
  <head>
    <meta charset='UTF-8'/>
    <meta http-equiv='X-UA-Compatible' content='IE=Edge,chrome=1' />
    <meta name="_csrf" content="${_csrf.token}"/>
    <!-- default header name is X-CSRF-TOKEN -->
    <meta name="_csrf_header" content="${_csrf.headerName}"/>
...
</html>

outputs: 

<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">
<meta name="_csrf" content="${_csrf.token}">
<!-- default header name is X-CSRF-TOKEN -->
<meta name="_csrf_header" content="${_csrf.headerName}">

And not the actual token so there is nothing to grab.

Has anyone had success with this way of handling ajax post/puts/deletes?

reference: .2.0.CI-SNAPSHOT/reference/html/csrf.html

according to the docs, I should be able to include the CSRF tokens in the header, grab them with jquery, and include them in the headers of my ajax calls.

Unfortunately, including 

<html class='default' xmlns="http://www.w3/1999/xhtml" xmlns:th="http://www.thymeleaf">
  <head>
    <meta charset='UTF-8'/>
    <meta http-equiv='X-UA-Compatible' content='IE=Edge,chrome=1' />
    <meta name="_csrf" content="${_csrf.token}"/>
    <!-- default header name is X-CSRF-TOKEN -->
    <meta name="_csrf_header" content="${_csrf.headerName}"/>
...
</html>

outputs: 

<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">
<meta name="_csrf" content="${_csrf.token}">
<!-- default header name is X-CSRF-TOKEN -->
<meta name="_csrf_header" content="${_csrf.headerName}">

And not the actual token so there is nothing to grab.

Has anyone had success with this way of handling ajax post/puts/deletes?

reference: http://docs.spring.io/spring-security/site/docs/3.2.0.CI-SNAPSHOT/reference/html/csrf.html

  • javascript
  • spring
  • spring-mvc
  • csrf
  • thymeleaf
Share Improve this question asked Dec 17, 2015 at 1:44 goofiwgoofiw 6077 silver badges18 bronze badges 1
  • Did you see this? stackoverflow./questions/25692735/… – salc2 Commented Dec 17, 2015 at 2:00
Add a ment  | 

2 Answers 2

Reset to default 10

You forget the prefix "th". your template should look like this:

<meta id="_csrf" name="_csrf" th:content="${_csrf.token}"/>
<meta id="_csrf_header" name="_csrf_header" th:content="${_csrf.headerName}"/>

and your ajax call:

var token = $('#_csrf').attr('content');
var header = $('#_csrf_header').attr('content');

$.ajax({
    type: "POST",
    url: url,
    beforeSend: function (xhr) {
        xhr.setRequestHeader(header, token);
    },
    success: function (data, textStatus, jqXHR) {
        alert(status);
    },
    error: function (request, status, error) {
        alert(status);
    }
});

Here is how I did my ajax csrf.

$(function() {
var token = $("meta[name='_csrf']").attr("content");
var header = $("meta[name='_csrf_header']").attr("content"); 

$(document).ajaxSend(function (e, xhr, options) {
xhr.setRequestHeader(header, token);
}
}

I also use ajaxForm plugin to submit forms, in which case i embed the csrf into the action url.

Hope that works for you.

本文标签: javascriptTrying to use ReactAjax calls with Spring MVC and ThymeleafStack Overflow

版权声明:本文标题:javascript - Trying to use ReactAjax calls with Spring MVC and Thymeleaf - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1741960515a2407248.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。