I am using JQuery with ASP.NET Core 1.0.1 and I have the Ajax call:
$("#send-message").on("submit", function (event) {
event.preventDefault();
var $form = $(this);
$.ajax({
url: "api/messages",
data: JSON.stringify($form.serializeToJSON()),
dataType: "json",
headers: {
Accept: "application/json",
"Content-Type": "application/json"
},
type: "post"
})
.done(function (data, status, xhr) { })
.fail(function (xhr, status, error) { });
To the ASP.NET Core action:
[HttpPost("messages")]
public async Task<IActionResult> Post([FromBody]MessagePostApiModelModel model) {
// Send message
}
The form is in a shared view and it is the following:
<form id="send-question" method="post">
<textarea name="content"></textarea>
<button class="button" type="submit">Enviar</button>
</form>
When I submit the form I get the error:
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery header value "RequestVerificationToken" is not present.
How can I enable ASP.NET Core's AntiForgeryToken with JQuery Ajax calls?
UPDATE
I need to add the following asp-controller and asp-action to the form:
<form asp-controller="QuestionApi" asp-action="Post" id="send-question" method="post">
</form>
This will generate the antiforgery token. And I needed to manually add the token to the headers of the JQuery call as follows:
headers: {
"Accept": "application/json",
"Content-Type": "application/json",
"RequestVerificationToken": $form.find("input[name='af_token']").val()
},
Is there a better way to do this?
How do solve this when there is not form and I have only an A tag that when clicked makes the Ajax call? Can I generate a common antiforgery token on my page head to be used by all ajax calls from that page?
See Question&Answers more detail:
os