Alfresco Update File - ERROR POST

Question

I'm trying to update a file in Alfresco... And I make this code:

var csrf_header = Alfresco.util.CSRFPolicy.getHeader();
var csrf_token = Alfresco.util.CSRFPolicy.getToken();
function getResponse(pdfbase64) {
                var fd = new FormData();
                if (Alfresco.util.CSRFPolicy && Alfresco.util.CSRFPolicy.isFilterEnabled())
                {
                    fd.append(csrf_header, csrf_token);
                }
                fd.append("username", "admin");
                fd.append("updatenoderef", nodeRef);
                fd.append("filedata", pdfbase64);
                fd.append("majorversion", "true");
                fd.append("overwrite", "true");
                alert(fileUpdateURL);
                $.ajax({
                  url: fileUpdateURL,
                  type: "POST",
                  data: fd,
                  processData: false,  // tell jQuery not to process the data
                  contentType: false   // tell jQuery not to set contentType
                });

}

The variable pdfbase64 is the content to put on the file (the changes that I made on the file to update the file in base64), but maybe this isn't the right format?, nodeRef is the reference of the file like: "workspace://SpacesStore/4fb1b7e7-2502-4011-8870-17e8d626b93b" and fileUpdateURL is the URL to POST : http://localhost:8080/share/proxy/alfresco/api/upload

Source of params

I got the error:

POST http://localhost:8080/share/proxy/alfresco/api/upload 500 Internal Server Error

javax.servlet.ServletException: Possible CSRF attack noted when comparing token in session and request parameter. Request: POST /share/proxy/alfresco/api/upload at org.alfresco.web.site.servlet.CSRFFilter$AssertTokenAction.run(CSRFFilter.java:845) at org.alfresco.web.site.servlet.CSRFFilter.doFilter(CSRFFilter.java:312) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241 ) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:447)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241 ) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:74) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241 ) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.apa che.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2466) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2455) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)

EDIT: If I use

http://localhost:8080/alfresco/service/api/upload

instead of

http://localhost:8080/share/proxy/alfresco/api/upload

I get the error:

{
    "status" : 
  {
    "code" : 400,
    "name" : "Bad Request",
    "description" : "Request sent by the client was syntactically incorrect."
  },  

  "message" : "Required parameters are missing",  
  "exception" : "",

  "callstack" : 
  [ 

  ],

  "server" : "Community v5.0.0 (d r99759-b2) schema 8,022",
  "time" : "Jan 24, 2016 1:14:41 PM"
}

Can anyone help me?

EDIT2:

I try to make the request with http://localhost:8080/share/proxy/alfresco/api/upload with this:

function getResponse(pdfbase64) {
            var csrf_header = Alfresco.util.CSRFPolicy.getHeader();
            var csrf_token = Alfresco.util.CSRFPolicy.getToken();
            var fd = new FormData();
            if (Alfresco.util.CSRFPolicy && Alfresco.util.CSRFPolicy.isFilterEnabled())
            {
                fd.append(csrf_header, csrf_token);
                fileUpdateURL += "?" + Alfresco.util.CSRFPolicy.getParameter() + "=" + encodeURIComponent(Alfresco.util.CSRFPolicy.getToken());

            }
            fd.append("username", "admin");
            fd.append("updatenoderef", nodeRef);
            fd.append("filedata", pdfbase64);
            fd.append("majorversion", "true");
            fd.append("overwrite", "true");
            alert(fileUpdateURL);
            $.ajax({
                url: fileUpdateURL,
                type: "POST",
                data: fd,
                processData: false,  // tell jQuery not to process the data
                contentType: false   // tell jQuery not to set contentType
            });

    }

But I obtain the error:

{
        "status" : 
      {
        "code" : 400,
        "name" : "Bad Request",
        "description" : "Request sent by the client was syntactically incorrect."
      },  

      "message" : "Required parameters are missing",  
      "exception" : "",

      "callstack" : 
      [ 

      ],

      "server" : "Community v5.0.0 (d r99759-b2) schema 8,022",
      "time" : "Jan 24, 2016 1:14:41 PM"
    }

Answer 1

Try moving these lines inside your function:

var csrf_header = Alfresco.util.CSRFPolicy.getHeader();
var csrf_token = Alfresco.util.CSRFPolicy.getToken();

And if that does not solve your problem and the issue turn out to be not a matter of variable scope for csrf_* vars, then you should try hint (2) from here

---

UPDATE : As I explained in our chat you should replace :

fd.append("filedata", pdfbase64);

with :

fd.append("filedata", new Blob([pdfbase64], {type: 'application/pdf'}););

Answer 2

Instead of setting the header, pass the token on the url:

if (Alfresco.util.CSRFPolicy && Alfresco.util.CSRFPolicy.isFilterEnabled())
{
   url += "?" + Alfresco.util.CSRFPolicy.getParameter() + "=" + encodeURIComponent(Alfresco.util.CSRFPolicy.getToken());
}

As described in CSRF Policy

When uploading a file by submitting a form with enctype multipart/form-data it is not possible to set a header on the request, the reason is not because of the enctype specifically but due to the fact that its not possible to set a header on any form submission in the browser.

The other solution is to use Alfresco.forms.Form that takes care of everything.