For CSRF Protection and AJAX Requests and sending forms with a formbuilder everything works fine cause _Token[fields] etc. will be added and my CSRF Protection works but by building my own json object and sendig it over an ajax request allways an error occurse with 400 (Bad Request) and “’_Token’ was not found in request data.”
SO is there a way to parsing an json object an add this '_Token to an specific json object?
You can use onBeforeAjax event
Third argument of event handler is “params” - json object which will be sent to server side, you can alter it in any way before sending to the server-side.
Thanks Maskim, I’ve got it.
But one question left:
When I use security tools in symfony or cakePHP we’ll get the hidden fields automaticaly when I use formBuilder so I do not have to worry about but when I have use
webix.ui({
view:“form”,
…
Is there a way to prepare this ui form with _TOKEN[‘fields’] etc… likewise automaticaly?
Thanks
Michael
There is no hidden inputs as separate views.
You can change
var data = form.getValues();
webix.ajax().post("/data.php", data);
with
var data = form.getValues();
data = webix.extend(data, extrainfo);
webix.ajax().post("/data.php", data);
where extrainfo is set of hidden fields
var extrainfo = { key: "somevalue", key2: "othervalue" }