SharePoint 2010: The security validation for this

Posted 2019-07-09 03:08

Here's my JavaScript code to retrieve items in a SharePoint 2010 (SP) list.

var clientContextPath = "/path/site1";
var clientContext = new SP.ClientContext(clientContextPath);
var oList = clientContext.get_web().get_lists().getByTitle(list); 
var camlQuery = new SP.CamlQuery(); 
...

However, if I want to retrieve from another site, i.e.

var clientContextPath = "/path/site2";

then the same code generates the exception "The security validation for this page is invalid". This is within the same domain, so it's not something to do with XSS.

Interestingly, the same code works fine when I use another site

var clientContextPath = "/path/site3";

Please help. Thank you.

3 answers
萌系小妹纸
Reply #2 · 2019-07-09 03:33

A much simpler way

UpdateFormDigest(_spPageContextInfo.webServerRelativeUrl, _spFormDigestRefreshInterval)

This is a native method in SharePoint. Just add this method before calling an Ajax request or executeQueryAsync().

Source: http://www.wictorwilen.se/sharepoint-2013-how-to-refresh-the-request-digest-value-in-javascript

疯言疯语
Reply #3 · 2019-07-09 03:44

I've just tried this solution, and I was sure it was not going to work but...it did! Basically it's an Ajax request to gather the new token from SharePoint.

// Ask the target site for a fresh form digest
$.ajax({
    url: projecturl + "/_api/contextinfo",
    method: "POST",
    headers: { "Accept": "application/json; odata=verbose" },
    success: function (data) {
        // Put the new digest into the page's hidden __REQUESTDIGEST field
        $('#__REQUESTDIGEST').val(data.d.GetContextWebInformation.FormDigestValue);

        EnsureScriptFunc('sharing.js', 'DisplaySharingDialog', function () { DisplaySharingDialog(projecturl); });
    },
    error: function (data, errorCode, errorMessage) {
        alert(errorMessage);
    }
});
来,给爷笑一个
Reply #4 · 2019-07-09 03:54

Make sure the page you are running your JavaScript on has this control on it:

<SharePoint:FormDigest runat="server" />

The FormDigest adds a security token inside your page based on user, site and time. Once the page is posted back, the security token is validated. Once the security token is generated, it’s valid for a configurable amount of time.

http://ranaictiu-technicalblog.blogspot.com.au/2010/02/sharepoint-2010-client-object-model-for.html

UPDATE: if the above does not work, try this just before you execute the query:

function CustomUpdateFormDigest()
{
    if(window._spPageContextInfo != null)
    {
        var $v_2 = window._spPageContextInfo;
        var $v_3 = $v_2.webServerRelativeUrl;
        var $v_4 = window._spFormDigestRefreshInterval;
        UpdateFormDigest($v_3, $v_4);
    }
}
CustomUpdateFormDigest();

This worked for me when my only option was to turn off page validation.

UPDATE 2:

Seems like you probably hit a SharePoint bug. Maybe try to go through the Cumulative Updates, or as a last resort turn page validation off; just make sure you understand the security implications of this option.

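Added example, not part of any answer in this thread: the answers describe the form digest as a token tied to user, site and time, so this sketch keeps one digest per site and refreshes it shortly before it expires instead of turning validation off. It assumes the `/_api/contextinfo` response shape used in reply #3; `createDigestStore`, `sampleContextInfo` and the `postJson` transport are hypothetical names, and the sample response is constructed.

```javascript
// Added example (not from the thread). One digest per site, refreshed early.
// Assumption: `postJson(url)` is a hypothetical transport that POSTs with
// "Accept: application/json; odata=verbose" and resolves to the parsed body.
function createDigestStore(now = Date.now, marginMs = 60 * 1000) {
  const bySite = new Map(); // site URL -> { value, expiresAt }
  const key = (siteUrl) => siteUrl.replace(/\/+$/, "");

  // Record the digest from a contextinfo response for exactly this site.
  function store(siteUrl, body) {
    const info = body.d.GetContextWebInformation;
    bySite.set(key(siteUrl), {
      value: info.FormDigestValue,
      expiresAt: now() + info.FormDigestTimeoutSeconds * 1000,
    });
    return info.FormDigestValue;
  }

  // Return a still-valid digest for this site, or null. It never falls back
  // to a digest that was issued for a different site.
  function lookup(siteUrl) {
    const hit = bySite.get(key(siteUrl));
    return hit && now() < hit.expiresAt - marginMs ? hit.value : null;
  }

  // Fetch a fresh digest only when the cached one is missing or near expiry.
  async function getDigest(siteUrl, postJson) {
    const cached = lookup(siteUrl);
    if (cached !== null) return cached;
    return store(siteUrl, await postJson(key(siteUrl) + "/_api/contextinfo"));
  }

  return { store, lookup, getDigest };
}

// Constructed sample response, shaped like the one reply #3 reads.
function sampleContextInfo(digest, timeoutSeconds) {
  return { d: { GetContextWebInformation: {
    FormDigestValue: digest, FormDigestTimeoutSeconds: timeoutSeconds } } };
}
```

The value returned by `getDigest` is what goes into the `__REQUESTDIGEST` field (as in reply #3) before the write is sent to that same site.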