如何使用jQuery和spring security在所有Ajax请求中包含令牌?
目前我收到以下错误
未捕获的TypeError:无法读取属性' toLowerCase'未定义的
使用Javascript:
function editUser(data) {
var token = $("meta[name='_csrf']").attr("content");
var header = $("meta[name='_csrf_header']").attr("content");
var ctx = location.href.substring(0, location.href.lastIndexOf("/"));
var dataObject = JSON.stringify({ 'username': data });
$.ajax({
url: ctx+'/users/edit',
type: 'POST',
beforeSend: function(xhr){
xhr.setRequestHeader(header, token);
},
data: data
});
}
控制器:
@RequestMapping(value = "/users/edit", method = RequestMethod.POST)
public String editUser(@RequestParam("username") String username) {
System.out.println(username);
return "users/edit";
}
toLowerCase函数在jQuery中
// Caches the header
setRequestHeader: function( name, value ) {
var lname = name.toLowerCase();
if ( !state ) {
name = requestHeadersNames[ lname ] = requestHeadersNames[ lname ] || name;
requestHeaders[ name ] = value;
}
return this;
},
答案 0 :(得分:4)
要么确保页面始终包含<meta name="_csrf" content="something">和<meta name="_csrf_header" content="something">标记,要么在尝试设置标题之前让AJAX代码检查值是否存在:
beforeSend: function(xhr) {
if (header && token) {
xhr.setRequestHeader(header, token);
}
}