Why ngx-uploader doesn't like to coop…

2018-11-09 02:36:48来源:博客园 阅读 ()

新老客户大回馈,云服务器低至5折

The POST action seems to have no effect on the .net core controller.

If you put [IgnoreAntiforgeryToken] attribute on the server controller method, it works. But dont' leave it like that exposing vulnerability.

Turns out, Angular uses a particular header name "X-XSRF-TOKEN" to store token for the server to accept: https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-2.1#angularjs

The following client code snippet in the Angular 6 component works. It's just part of ngx-uploader sample code. Only to note the headers line.

const event: UploadInput = {
type: 'uploadAll',
url: this.UPLOAD_API_URL + '?guid=' + this.guid,
method: 'POST',
headers: {'X-XSRF-TOKEN': this._cookieService.get("XSRF-TOKEN")},
withCredentials: true,
data: { foo: 'bar' }
};

_cookieService is an injected service using ngx-cookie. You may use any cookie tool.

标签:

版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有

上一篇:Vue.js-05:第五章 - 计算属性与监听器

下一篇:JavaScript -- 时光流逝(十三):DOM -- Console 对象