I'm trying to update a file in Alfresco... And I make this code:
var csrf_header = Alfresco.util.CSRFPolicy.getHeader();
var csrf_token = Alfresco.util.CSRFPolicy.getToken();
function getResponse(pdfbase64) {
var fd = new FormData();
if (Alfresco.util.CSRFPolicy && Alfresco.util.CSRFPolicy.isFilterEnabled())
{
fd.append(csrf_header, csrf_token);
}
fd.append("username", "admin");
fd.append("updatenoderef", nodeRef);
fd.append("filedata", pdfbase64);
fd.append("majorversion", "true");
fd.append("overwrite", "true");
alert(fileUpdateURL);
$.ajax({
url: fileUpdateURL,
type: "POST",
data: fd,
processData: false, // tell jQuery not to process the data
contentType: false // tell jQuery not to set contentType
});
}
The variable pdfbase64
is the content to put on the file (the changes that I made on the file to update the file in base64), but maybe this isn't the right format?, nodeRef
is the reference of the file like: "workspace://SpacesStore/4fb1b7e7-2502-4011-8870-17e8d626b93b"
and fileUpdateURL
is the URL
to POST
: http://localhost:8080/share/proxy/alfresco/api/upload
I got the error:
POST http://localhost:8080/share/proxy/alfresco/api/upload 500 Internal Server Error
javax.servlet.ServletException: Possible CSRF attack noted when comparing token in session and request parameter. Request: POST /share/proxy/alfresco/api/upload at org.alfresco.web.site.servlet.CSRFFilter$AssertTokenAction.run(CSRFFilter.java:845) at org.alfresco.web.site.servlet.CSRFFilter.doFilter(CSRFFilter.java:312) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241 ) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:447)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241 ) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:74) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241 ) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.apa che.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2466) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2455) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)
EDIT: If I use
instead of
I get the error:
{
"status" :
{
"code" : 400,
"name" : "Bad Request",
"description" : "Request sent by the client was syntactically incorrect."
},
"message" : "Required parameters are missing",
"exception" : "",
"callstack" :
[
],
"server" : "Community v5.0.0 (d r99759-b2) schema 8,022",
"time" : "Jan 24, 2016 1:14:41 PM"
}
Can anyone help me?
EDIT2:
I try to make the request with http://localhost:8080/share/proxy/alfresco/api/upload with this:
function getResponse(pdfbase64) {
var csrf_header = Alfresco.util.CSRFPolicy.getHeader();
var csrf_token = Alfresco.util.CSRFPolicy.getToken();
var fd = new FormData();
if (Alfresco.util.CSRFPolicy && Alfresco.util.CSRFPolicy.isFilterEnabled())
{
fd.append(csrf_header, csrf_token);
fileUpdateURL += "?" + Alfresco.util.CSRFPolicy.getParameter() + "=" + encodeURIComponent(Alfresco.util.CSRFPolicy.getToken());
}
fd.append("username", "admin");
fd.append("updatenoderef", nodeRef);
fd.append("filedata", pdfbase64);
fd.append("majorversion", "true");
fd.append("overwrite", "true");
alert(fileUpdateURL);
$.ajax({
url: fileUpdateURL,
type: "POST",
data: fd,
processData: false, // tell jQuery not to process the data
contentType: false // tell jQuery not to set contentType
});
}
But I obtain the error:
{
"status" :
{
"code" : 400,
"name" : "Bad Request",
"description" : "Request sent by the client was syntactically incorrect."
},
"message" : "Required parameters are missing",
"exception" : "",
"callstack" :
[
],
"server" : "Community v5.0.0 (d r99759-b2) schema 8,022",
"time" : "Jan 24, 2016 1:14:41 PM"
}
Try moving these lines inside your function:
var csrf_header = Alfresco.util.CSRFPolicy.getHeader();
var csrf_token = Alfresco.util.CSRFPolicy.getToken();
And if that does not solve your problem and the issue turn out to be not a matter of variable scope for csrf_*
vars, then you should try hint (2) from here
UPDATE : As I explained in our chat you should replace :
fd.append("filedata", pdfbase64);
with :
fd.append("filedata", new Blob([pdfbase64], {type: 'application/pdf'}););
Instead of setting the header, pass the token on the url:
if (Alfresco.util.CSRFPolicy && Alfresco.util.CSRFPolicy.isFilterEnabled())
{
url += "?" + Alfresco.util.CSRFPolicy.getParameter() + "=" + encodeURIComponent(Alfresco.util.CSRFPolicy.getToken());
}
As described in CSRF Policy
When uploading a file by submitting a form with enctype multipart/form-data it is not possible to set a header on the request, the reason is not because of the enctype specifically but due to the fact that its not possible to set a header on any form submission in the browser.
The other solution is to use Alfresco.forms.Form that takes care of everything.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.