I am currently developing an MVC application in ASP.NET. I am using Ajax.ActionLink to provide a delete link in a list of records; however, this is very insecure. I have put
Use AntiForgeryToken with Ajax.ActionLink
In addition to jjwhite01's response: to insert the token into the form data, use options.data in the prefilter:
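$.ajaxPrefilter(
    /**
     * Appends the anti-forgery token (and an X-Requested-With marker) to the
     * url-encoded body of every non-GET jQuery AJAX request.
     *
     * Adding the field has no effect by itself: the receiving action still has
     * to validate the token on the server (in ASP.NET MVC, typically with
     * [ValidateAntiForgeryToken]) and should not accept GET for state changes.
     *
     * NOTE(review): this prefilter runs for every jQuery request on the page,
     * including cross-origin ones, so the token is also sent to other origins.
     * Consider skipping requests where options.crossDomain is true if the page
     * calls third-party endpoints.
     *
     * @param {Object} options      Merged request settings; options.data is rewritten.
     * @param {Object} localOptions Settings passed to $.ajax() (unused).
     * @param {Object} jqXHR        The jqXHR object of the request (unused).
     */
    function (options, localOptions, jqXHR) {
        // jQuery upper-cases `type` only after prefilters have run, so a caller
        // passing "get" would otherwise get the token appended to the query
        // string, where it ends up in logs and browser history.
        if (String(options.type).toUpperCase() === "GET") {
            return;
        }

        var token = GetAntiForgeryToken();
        // `== null` also covers undefined, which would throw on token.name below.
        if (token == null) {
            return;
        }

        // A request without a body has no `data`; treat it as an empty string.
        var body = options.data == null ? "" : options.data;
        if (typeof body !== "string") {
            // FormData or processData:false payloads cannot be extended by
            // string concatenation; leave them untouched instead of throwing.
            return;
        }

        var parts = [];
        if (body.indexOf("X-Requested-With") === -1) {
            parts.push("X-Requested-With=XMLHttpRequest");
        }
        // The original expression `"..." + (cond) ? "" : ...` parsed as
        // `("..." + cond) ? "" : ...` and always produced "", discarding the
        // request's own fields. Build the body from explicit parts instead.
        if (body !== "") {
            parts.push(body);
        }
        // Assumes GetAntiForgeryToken() returns the raw, unencoded field name
        // and value; encode them so reserved characters cannot split the pair.
        parts.push(encodeURIComponent(token.name) + "=" + encodeURIComponent(token.value));

        options.data = parts.join("&");
    }
);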