配合MVC的ValidateAntiForgeryToken筛选的jquery提交插件

发布时间:2015/6/16 14:18:10 最后修改:2015/6/18 0:34:03 浏览量:1106

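/// <reference path="jquery-1.4.2.js" />

// jQuery helpers that attach the ASP.NET MVC anti-forgery token to AJAX requests,
// for actions filtered by ValidateAntiForgeryToken.
(function ($) {
    // Looks up the anti-forgery hidden field in a window's document.
    //   tokenWindow: window to search; anything that is not an object falls back to the current window.
    //   appPath:     optional string; when given, the field name becomes __RequestVerificationToken_{appPath}.
    // Returns { name, value } for the first matching hidden input, or undefined when none is found.
    // Reading tokenWindow.document only works for a same-origin window; the browser blocks
    // DOM access to a cross-origin parent or frame.
    $.getAntiForgeryToken = function (tokenWindow, appPath) {
        // HtmlHelper.AntiForgeryToken() must be invoked to print the token.
        tokenWindow = tokenWindow && typeof tokenWindow === typeof window ? tokenWindow : window;

        appPath = appPath && typeof appPath === "string" ? "_" + appPath : "";
        // The name attribute is either __RequestVerificationToken,
        // or __RequestVerificationToken_{appPath}.
        var tokenName = "__RequestVerificationToken" + appPath;

        // Finds the <input type="hidden" name={tokenName} value="..." /> from the specified window.
        // Plain DOM calls are used, so the target window does not need its own jQuery.
        var inputElements = tokenWindow.document.getElementsByTagName("input");
        for (var i = 0; i < inputElements.length; i++) {
            var inputElement = inputElements[i];
            if (inputElement.type === "hidden" && inputElement.name === tokenName) {
                return {
                    name: tokenName,
                    value: inputElement.value
                };
            }
        }
        // No matching field: falls through and returns undefined.
    };

    // Serializes data (if it is not already a string) and appends {token.name}={token.value}.
    //   data:  string, or anything $.param() accepts; may be empty.
    //   token: { name, value }; when omitted, the token is read from the current window.
    // Returns the URL-encoded string. When no token can be found, the data is returned
    // without one, so the request goes out unprotected and the server-side filter should reject it.
    $.appendAntiForgeryToken = function (data, token) {
        // Converts data if not already a string.
        if (data && typeof data !== "string") {
            data = $.param(data);
        }

        // Gets token from current window by default.
        token = token ? token : $.getAntiForgeryToken(); // $.getAntiForgeryToken(window).

        data = data ? data + "&" : "";
        // If token exists, appends {token.name}={token.value} to data.
        return token ? data + encodeURIComponent(token.name) + "=" + encodeURIComponent(token.value) : data;
    };

    // Wraps $.post(url, data, callback, type) for most common scenarios.
    // The token is taken from the current window.
    $.postAntiForgery = function (url, data, callback, type) {
        return $.post(url, $.appendAntiForgeryToken(data), callback, type);
    };

    // Wraps $.ajax(settings).
    // Supports more options than $.ajax():
    // settings.token, settings.tokenWindow, settings.appPath.
    // Returns whatever $.ajax() returns.
    // Keep to type: "POST" for these calls: for GET, jQuery serializes data into the query string,
    // which would put the token into the URL (server logs, browser history, Referer).
    $.ajaxAntiForgery = function (settings) {
        var token = settings.token ? settings.token : $.getAntiForgeryToken(settings.tokenWindow, settings.appPath);
        // Work on a shallow copy: writing the serialized data back into the caller's object
        // would append a second token if the same settings object were reused for another call.
        var ajaxSettings = $.extend({}, settings);
        ajaxSettings.data = $.appendAntiForgeryToken(settings.data, token);
        return $.ajax(ajaxSettings);
    };
})(jQuery);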


提交时,将 $.post() 改成 $.postAntiForgery(),将 $.ajax() 改成 $.ajaxAntiForgery()。


如果是在 iframe 或 dialog 中提交,token 值存在于父级窗口中(父级窗口必须与当前页面同源,否则浏览器不允许读取其 DOM),此时 post 需要如下调用:

// In an iframe or dialog the token field is rendered in the parent window, so read it from there.
var parentToken = $.getAntiForgeryToken(window.parent);
data = $.appendAntiForgeryToken(data, parentToken);
// The token is already part of data, so a plain $.post() is enough; $.postAntiForgery() is not needed.
$.post(url, data, callback);

 $.ajaxAntiForgery() 可以做如下调用

// Same usage as $.ajax(), with the plugin's extra options on top.
var requestSettings = {
    type: "POST",
    url: url,
    data: {
        productName: "Tofu",
        categoryId: 1
    },
    success: callback,
    // The token field is in another window (the parent), so the plugin searches there.
    tokenWindow: window.parent
};
$.ajaxAntiForgery(requestSettings);


原文地址:http://weblogs.asp.net/dixin/anti-forgery-request-recipes-for-asp-net-mvc-and-ajax
