Kendo Upload - CSRF Token with ASP.NET

Question

From what I saw, Kendo upload sends the CSRF token in the POST request body. What am I trying to do is to validate this token when making the request to a Web API method, but can't seem to figure it out.

Does anyone have any ideas? Is there something specific that I should override or change?

Thanks.

did you use ValidateAntiFogeryToken attribute to decorate your web api action method? — Khanh TO
Yes. And it's not working for me. Kendo upload sends the token in the POST request body, not in the headers. — Marius Popa

Haider Haider Haider Haider · Accepted Answer · 2020-02-20T12:16:05

see the anser

<meta name="_token" content="csrf_token()" />

<input type="file" name="files" id="photos" />

<script>
  var token = $('meta[name="_token"]').attr('content');  

$("#photos").kendoUpload({
async: {
    saveUrl: "http://url/save"
},
upload: onUpload
});

function onUpload(e) {
var xhr = e.XMLHttpRequest;
if (xhr) {
    xhr.addEventListener("readystatechange", function (e) {
        if (xhr.readyState == 1 /* OPENED */) {
            xhr.setRequestHeader("X-CSRF-TOKEN", token);
        }
    });
 }
}
</script>

Kendo Upload - CSRF Token with ASP.NET

1 Answers