XMLHttpRequest and redirects

Question

I am using Dropzone to pimp the file upload of an existing form - the whole thing must continue to behave like if it would be an ordinary HTML form. Dropzone is flexible, I intercept clicks on my button(s) and call Dropzone.processQueue() from there which internally does an XMLHttpRequest with the form data as the payload - works as intended, submitting the form just like it should.

Edit, as my description seemd to be confusing: I am basically following this HOWTO https://docs.dropzone.dev/configuration/tutorials/combine-form-data-with-files and the problem/question results from (and only consists of) the line redirect user or notify of success.

However: The application returns a 303 redirect on the POST request followed by an HTML page, and this page should be presented to the user. I can see to ways to proceed:

a) catch the result of the POST request, extract the location header and redirect the browser. I'd strongly prefer this, but unfortunately it does not seem possible: Prevent redirection of Xmlhttprequest

b) let XMLHttpRequest (nolens volens) follow the redirect, catch the result of the GET request and display it:

let newHTML = document.open('text/html', 'replace');
newHTML.write(htmlResponse);
newHTML.close();

This is not beautiful, but it works - as far as HTML is concerned. However I get several errors like Refused to execute inline script because it violates the following Content Security Policy directive for obvious reasons (and scripts won't work). Allowing unsafe-inline is not an option here; is there any way to let the browser behave as if a string were the result of a request (which in fact it is, but nobody knows...)?

Is there any clean solution to this?

*for some reasons the whole thing must behave like if it would be an ordinary HTML form* for what reason exactly? It's hard to understand your setup. Why don't you let your server redirect you? — Konrad, Aug 26 '22 at 15:47
Genuine problem is that the result of the redirect should be presented to the user, but if I let XMLHttpRequest follow the redirect (which I might be unable to prevent) I have the HTML code in a string variable instead. Normally the response to the dropzone would (e.g.) a JSON with a result to be presented on the same screen. Here, for some reasons this is not possible. — SlowFox, Aug 26 '22 at 17:25
This is what I do - the problem is not Dropzone but what happens afterwards. — SlowFox, Aug 26 '22 at 17:28
I still don't understand why you are using `XMLHttpRequest` if you want to be redirected. — Konrad, Aug 26 '22 at 17:30
*This* is indeed built in Dropzone. I'd have to move to something else to get rid of it. Plain has been working there before, but is not user-friendly enough. — SlowFox, Aug 26 '22 at 17:48
The documentation states that it should work like a normal input. — Konrad, Aug 26 '22 at 17:53
Maybe I am just blind? I see `submitRequest(xhr, formData, files)` in https://github.com/dropzone/dropzone/blob/main/src/dropzone.js and this is called by processQueue(). — SlowFox, Aug 26 '22 at 18:06
Hmmm, why don't you just submit the form instead of calling this `processQueue`? — Konrad, Aug 26 '22 at 18:09
processQueue() is taking care of the (nice) file-UI. Plain form submission would not upload any files - I'd have to go back to instead. — SlowFox, Aug 26 '22 at 18:14
Well, yes - but this says nothing about how the request is done. I did not manage to do anything else than the XMLHttpRequest (and I think it is not possible, but I may be wrong). — SlowFox, Aug 26 '22 at 18:17
The request is done using html form. Add `button` with attribute `type="submit"` to form and then click it. — Konrad, Aug 26 '22 at 18:18
Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/247595/discussion-between-slowfox-and-konrad-linkowski). — SlowFox, Aug 26 '22 at 21:24

XMLHttpRequest and redirects

0 Answers0