andrew.ortwein
2011-01-06 21:37:30 UTC
My current project has a requirement that all requests contain a secret token
in the header in order to prevent cross-site request forgery (CSRF).
Unfortunately, it appears that you cannot set headers when using
dojo.io.iframe.send() to upload a file. Does anyone know of a way around
this?
I've searched quite a bit and it appears that there is no way to include
headers in dojo.io.iframe.send(). Is there any other way to upload files
and include headers in the request? If not, does anyone have any other
ideas? I'm a bit surprised that this inability to protect against CSRF when
uploading files hasn't come up before.
As always, thanks for any help you can provide!
in the header in order to prevent cross-site request forgery (CSRF).
Unfortunately, it appears that you cannot set headers when using
dojo.io.iframe.send() to upload a file. Does anyone know of a way around
this?
I've searched quite a bit and it appears that there is no way to include
headers in dojo.io.iframe.send(). Is there any other way to upload files
and include headers in the request? If not, does anyone have any other
ideas? I'm a bit surprised that this inability to protect against CSRF when
uploading files hasn't come up before.
As always, thanks for any help you can provide!
--
View this message in context: http://dojo-toolkit.33424.n3.nabble.com/Upload-file-via-dojo-io-iframe-send-with-CSRF-secret-token-tp2208392p2208392.html
Sent from the Dojo Toolkit mailing list archive at Nabble.com.
View this message in context: http://dojo-toolkit.33424.n3.nabble.com/Upload-file-via-dojo-io-iframe-send-with-CSRF-secret-token-tp2208392p2208392.html
Sent from the Dojo Toolkit mailing list archive at Nabble.com.