2

From what I saw, Kendo upload sends the CSRF token in the POST request body. What am I trying to do is to validate this token when making the request to a Web API method, but can't seem to figure it out.

Does anyone have any ideas? Is there something specific that I should override or change?

Thanks.

Marius Popa
  • 564
  • 1
  • 5
  • 22
  • did you use `ValidateAntiFogeryToken` attribute to decorate your web api action method? – Khanh TO Mar 10 '16 at 13:41
  • Yes. And it's not working for me. Kendo upload sends the token in the POST request body, not in the headers. – Marius Popa Mar 10 '16 at 15:11
  • 2
    Asked and [answered](http://stackoverflow.com/questions/11476883/web-api-and-validateantiforgerytoken). – Brett Mar 10 '16 at 21:24

1 Answers1

0

see the anser

<meta name="_token" content="csrf_token()" />

<input type="file" name="files" id="photos" />

<script>
  var token = $('meta[name="_token"]').attr('content');  

$("#photos").kendoUpload({
async: {
    saveUrl: "http://url/save"
},
upload: onUpload
});

function onUpload(e) {
var xhr = e.XMLHttpRequest;
if (xhr) {
    xhr.addEventListener("readystatechange", function (e) {
        if (xhr.readyState == 1 /* OPENED */) {
            xhr.setRequestHeader("X-CSRF-TOKEN", token);
        }
    });
 }
}
</script>
Haider Haider
  • 21
  • 5