Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

    How can I add a CSRF token to a ListGrid.exportData() call?

    Hi ho,

    I am trying to use the ListGrid.exportData() method but it doesn't work out of the box because the POST which is generated doesn't include the CSRF token in the header.

    Trying:
    grid.exportData({
    httpHeaders : {
    "X-CSRF-TOKEN" : my.csrf.token
    }
    });

    Doesn't work and doesn't appear to add the header to the request either. Is there a way to add a header value or manipulate the POST that is generated by the exportData call?

    Cheers,
    Evan

    Request headers:

    POST /ziz/isomorphic/IDACall/Results.csv?isc_rpc=1&isc_v=v11.1p_2017-07-09&isc_tnum=10
    HTTP/1.1
    Host: dev01.prosolve.systems
    Connection: keep-alive
    Content-Length: 20355
    Cache-Control: max-age=0
    Origin: https://dev01.prosolve.systems
    Upgrade-Insecure-Requests: 1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Referer: https://dev01.prosolve.systems/ziz/documentcontrol Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=92BA456D53B93C397FF9A50CA64DA1CC; GLog=%7B%0A%20%20%20%20trackRPC%3Afalse%2C%20%0A%20%20%20%20isc_pageURL%3A%22https%3A//dev01.prosolve.systems/ziz/documentcontrol%22%2C%20%0A%20%20%20%20isc_pageGUID%3A%228BEA83ED-03AA-4E41-BCEA-AFB77EA548BD%22%2C%20%0A%20%20%20%20priorityDefaults%3A%7B%0A%20%20%20%20%20%20%20%20sgwtInternal%3A1%2C%20%0A%20%20%20%20%20%20%20%20ListGrid%3A1%0A%20%20%20%20%7D%2C%20%0A%20%20%20%20defaultPriority%3A1%2C%20%0A%20%20%20%20left%3A-1286%2C%20%0A%20%20%20%20top%3A0%2C%20%0A%20%20%20%20width%3A640%2C%20%0A%20%20%20%20height%3A624%0A%7D; isc_cState=read

    Browser trace:

    ISC_Core.js?isc_vers…_2017-07-09.js:1746 POST https://dev01.prosolve.systems/ziz/i...09&isc_tnum=10 403 (Forbidden)
    isc_HiddenFrame_sendData @ ISC_Core.js?isc_vers…_2017-07-09.js:1746
    isc_HiddenFrame_sendForm @ ISC_Core.js?isc_vers…_2017-07-09.js:1740
    isc_c_Comm_sendHiddenFrame @ ISC_DataBinding.js?i…_2017-07-09.js:2113
    isc_c_RPCManager__sendQueue @ ISC_DataBinding.js?i…_2017-07-09.js:1244
    isc_c_RPCManager_sendQueue @ ISC_DataBinding.js?i…_2017-07-09.js:1224
    isc_c_RPCManager_sendNoQueue @ ISC_DataBinding.js?i…_2017-07-09.js:1180
    isc_c_RPCManager_sendRequest @ ISC_DataBinding.js?i…_2017-07-09.js:1170
    isc_DataSource_performSCServerOperation @ ISC_DataBinding.js?i…_2017-07-09.js:2095
    isc_DataSource_sendDSRequest @ ISC_DataBinding.js?i…p_2017-07-09.js:618
    isc_DataSource_performDSOperation @ ISC_DataBinding.js?i…p_2017-07-09.js:591
    isc_DataSource_exportData @ ISC_DataBinding.js?i…p_2017-07-09.js:563
    isc_Canvas_exportData @ ISC_Core.js?isc_vers…_2017-07-09.js:3839










    #2
    exports are done as a post to a hidden frame since the result is a file. We recommend simply placing the CSRF in the URL. This is also the simplest way to make sure the CSRF is present for all server calls, by modifying the default RPCManager.actionURL to add the CSRF.

    Comment


      #3
      Thanks, I'll give that a go.

      Yep, that worked. I now initialize the actionURL at startip with

      RPCManager.actionURL = '[ISOMORPHIC]/IDACall?' + my.csrf.parameterName + "=" + my.csrf.token

      And it works a treat.
      Last edited by prosolve1; 19 Feb 2019, 16:58.

      Comment

      Working...
      X