struts2 invalid.token returned when form submitted using jQuery
I have inherited some code in which I have to add CSRF prevention, and I am trying to use the Struts2 token session interceptor. I am adding a token using the Struts2 token tag in my form:
    <form id="updateObject" name="updateObject" action="<%= request.getContextPath() %>/prv/updateObject.action" method="POST">
      <fieldset class="x-field">
        <legend>Update the object - action needed</legend>
        <div>...</div>
        <s:token />
        <s:hidden name="id" id="objectId" />
        More stuff here...
        <input type="submit" value="update object" onclick="javascript: return doUpdateObject('myAction');" />
      </fieldset>
    </form>
In my JavaScript function, I'm adding/removing some validation rules (depending on the required action) and submitting the form:
    function doUpdateObject(action) {
        ActionPanel.registerAction(action);     // puts the action name in an in-scope variable
        doUpdateObjectValidationSetup(action);  // adds jQuery validation rules depending on the action
        if ($("form#updateObject").valid()) {
            $("form#updateObject").submit();
        }
        return false;
    }
I have intercepted the request and the token is being added, yet the Struts2 token session interceptor is returning invalid.token. The code works without this interceptor. (The Struts 2 XML file has not been posted - I can post the relevant section if necessary.) I have also used the token session interceptor on other pages which do not go through the original HTML submit button (i.e. JavaScript or jQuery), and there it works as expected. Why is the token invalid here?
N.B. The legacy project I inherited uses a messy mix of plain HTML, Struts 2 tags, ExtJS and jQuery. I will clean it up at some point, but for now I need to get the token session interceptor working in this code asap (as I have to implement a similar fix for several hundred pages...).
Any help / hints / tips / etc. much appreciated!
Regards,
John
Is the token really being sent? (Check your web server log.)
If so, then perhaps the reason is:
    onclick="javascript: return doUpdateObject('myAction');"
This is not correct: the pseudo-protocol javascript: should be used in URLs (e.g. href="...") and not in event handlers. Replace it with onclick="return doUpdateObject('myAction')".
I suspect that the problem is due to this, though.