topic Re: while I am submitting a form with post i am getting error of CSRF. in Alfresco Archive

while I am submitting a form with post i am getting error of CSRF.

vikash_patel — Tue, 13 Dec 2016 08:07:00 GMT

Hi,I have created a #dashlet which contains a from. #<form id="${el}-form" action="${url.context}/page/user/${context.user.id}/dashboard" method="post"><b> <label> ${msg("label.name")} </label></b><input type="text" name="leadName" required="required"/> <b>&

Re: while I am submitting a form with post i am getting error of CSRF.

ddraper — Tue, 13 Dec 2016 08:17:31 GMT

Could you explain what it is you're trying to do exactly? It looks like you're trying to POST to a dashboard page? I'm not sure if that's going to work - what are you expecting to happen to the data that is being sent (i.e. what do you have that is going to handle it?)

A CSRF error usually means that you're trying to POST to a different location from the host page - but that doesn't look to be the case from the code sample that you've shared.

Re: while I am submitting a form with post i am getting error of CSRF.

vikash_patel — Tue, 13 Dec 2016 08:57:32 GMT

Thanks for your reply Dave,
This is my code of dashlet's javascript file

function main(){
var leadName = page.url.args["leadName"];
var leadContactNo = page.url.args["leadContactNo"];
var leadAddress = page.url.args["leadAddress"];
if(leadName!="" && leadContactNo!="" && leadAddress!=""){
var mylink=encodeURI("/test/myCustomRepoWebscript?leadName="+leadName+"&leadContactNo="+leadContactNo+"&leadAddress="+leadAddress);
connector = remote.connect("alfresco");
 userDetail = connector.get(mylink);
if(userDetail.status == 200)
 {
 var peopleObject = jsonUtils.toObject(userDetail);
}else {
 model.bodytext = "some error";
}
 }‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍
}
main();‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

I wanted to submit data to a repository by using webscript with the required parameters, While submitting the form this code will call a repowebscript.
but while i am submitting a form with method "get" it works fine but while i am trying to submit form with "post" i am getting above error.

Re: while I am submitting a form with post i am getting error of CSRF.

ddraper — Tue, 13 Dec 2016 09:21:12 GMT

It looks like you're trying to post to a different server which would be a violation of CSRF policy. You should read up on CSRF on Wikipedia - in particular the section on "HTTP verbs and CSRF" which explains why GET requests are allowed (essentially because they should be "safe" and not change state).

It is possible to disable the CSRF filters in Share but I would strongly recommend against that as it will introduce potential security vulnerabilities into your application. It is also possible to configure allowed URLs which you may have a valid case for if you are controlling both locations (where you're posting from and where you're posting to)

Re: while I am submitting a form with post i am getting error of CSRF.

romschn — Tue, 13 Dec 2016 11:44:31 GMT

Vikash Patel‌, If I understand correctly, from your share presentation tier web script's controller, you are trying to make a call to repository's post web script. Try using Connector.post instead of Connector.Get and see if it works for you.

Re: while I am submitting a form with post i am getting error of CSRF.

afaust — Tue, 13 Dec 2016 12:56:21 GMT

Or even better: Add a client-side UI component (YUI or Aikau) and do a regular JSON Ajax call via the proxy servlet (/share/proxy/alfresco/) without putting a custom web script in the middle. The proxy servlet already does a very fine job of properly forwarding any request to the Repository-tier, and both YUI / Aikau Ajax services already take care of requried CSRF tokens in the request headers.

Re: while I am submitting a form with post i am getting error of CSRF.

vikash_patel — Tue, 13 Dec 2016 14:53:30 GMT

Thanks, Ramesh sir.
I have tried it using connector.post, but still i am getting the same error.

Re: while I am submitting a form with post i am getting error of CSRF.

vikash_patel — Tue, 13 Dec 2016 14:55:55 GMT

Thanks Axel,
I will try to do a regular JSON Ajax call.

Re: while I am submitting a form with post i am getting error of CSRF.

vikash_patel — Thu, 15 Dec 2016 05:46:28 GMT

Hi Axel,
I have tried to call a repo webscript using AJAX and it is working now.

Thanks.