Valums File Uploader - Including ValidateAntiForgeryToken

Question

I\'m trying to protect my upload controller method using the MVC ValidateAntiForgeryToken but I\'m struggling to work out how to get the __RequestVerification

Answer 1

I am using version 5.11.10 of FineUploader (rename of Valum's FileUploader FineUploader history mentioned) and it does contain the feature to specify a form, see Form Options

An example of a FineUpload with AntiForgeryToken validation if your form doesn't contain any other form values is to include a form with some id (testForm in below example) with the AntiForgeryToken.

@using (Html.BeginForm(MVCHelpers.Bank.Transactions.UploadFile(), FormMethod.Post, new { id = "testForm" }))
{
    @Html.AntiForgeryToken()
}

And in the FineUploader specify the form it has to send also:

<div id="fileUploadContainer"></div>
<script>
    var uploader = new qq.FineUploader({
        element: document.getElementById("fileUploadContainer"),
        ...
        form: {
            element: "testForm",
            autoUpload: true
        }
    });
</script>

This enables you to upload files in combination with [ValidateAntiForgeryToken] on your Action. You can also specify a real form if the upload is part of other form values, by specifying the id of that form. Pay attention to the autoUpload true since it's false by default when you set a form element.

Answer 2

If you look in the source code it looks like you could add the antiforgery token code to the _createForm: function(iframe, params){...} portion of the uploader and be good to go. See the two answers here for more help.