{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 地球回转人心会变 的问题《How to send AntiForgeryToken (CSRF) along with For》','https://www.manongdao.com/q-638387.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
So I want to POST fileUpload along with AntiForgeryToken via AJAX. Here's my code :
View
@using (Html.BeginForm("Upload", "RX", FormMethod.Post, new {id = "frmRXUpload", enctype = "multipart/form-data"}))
{
@Html.AntiForgeryToken()
@Html.TextBoxFor(m => m.RXFile, new {.type = "file"})
...rest of code here
}
<script>
$(document).ready(function(){
$('#btnRXUpload').click(function () {
var form = $('#frmRXUpload')
if (form.valid()) {
var formData = new FormData(form);
formData.append('files', $('#frmRXUpload input[type="file"]')[0].files[0]);
formData.append('__RequestVerificationToken', fnGetToken());
$.ajax({
type: 'POST',
url: '/RX/Upload',
data: formData,
contentType: false,
processData: false
})
}
})
})
</script>
Controller
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Upload()
{
//rest of code here
}
I get
The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster
error via fiddler. Any idea how to solve this issue?
I FOUND THE ANSWER :
<script>
$(document).ready(function(){
$('#btnRXUpload').click(function () {
var form = $('#frmRXUpload')
if (form.valid()) {
var formData = new FormData(form.get(0)); //add .get(0)
formData.append('files', $('#frmRXUpload input[type="file"]')[0].files[0]);
$.ajax({
type: 'POST',
url: '/RX/Upload',
data: formData,
contentType: false,
processData: false
})
}
})
})
</script>
You need to add the token to the request headers, not the form. Like this:
Edit Looking back at how I solved this problem myself, I remember that the standard ValidateAntiForgeryTokenAttribute looks in the Request.Form object which doesn't always get populated for an AJAX request. (In your case, the file upload needs a
multipart/form-datacontent type, whereas a form post for the CSRF token needsapplication/x-www-form-urlencoded. You setcontentType=false, but the two operations need conflicting content types, which may be part of your problem). So, in order to validate the token on the server, you will need to write a custom attribute for your action method that checks for the token in the request header:More info (a bit out of date now) here.
FINALLY FOUND THE ANSWER :
I just need to add
.get(0)in the form, here's the code :