jQuery Ajax calls and the Html.AntiForgeryToken()

前端 未结 20 2372
鱼传尺愫
鱼传尺愫 2020-11-22 16:34

I have implemented in my app the mitigation to CSRF attacks following the informations that I have read on some blog post around the internet. In particular these post have

20条回答
  •  有刺的猬
    2020-11-22 17:38

    Here is the easiest way I've seen. Note: Make sure you have "@Html.AntiForgeryToken()" in your View

      $("a.markAsDone").click(function (event) {
            event.preventDefault();
            var sToken = document.getElementsByName("__RequestVerificationToken")[0].value;
            $.ajax({
                url: $(this).attr("rel"),
                type: "POST",
                contentType: "application/x-www-form-urlencoded",
                data: { '__RequestVerificationToken': sToken, 'id': parseInt($(this).attr("title")) }
            })
            .done(function (data) {
                //Process MVC Data here
            })
            .fail(function (jqXHR, textStatus, errorThrown) {
                //Process Failure here
            });
        });
    

提交回复
热议问题