From 4330596da24be6bb69dbf2d6158ceab011ec9c73 Mon Sep 17 00:00:00 2001 From: Mikhail Preyskurantov <5574159+mpreyskurantov@users.noreply.github.com> Date: Fri, 26 Dec 2025 13:32:41 +0200 Subject: [PATCH] jQuery: 1 BeforeSend + 1 jQuery.ajax / req --- .../BatchUpdateRequest/jQuery/index.js | 20 ++++++++++++--- .../CollaborativeEditing/jQuery/index.js | 25 ++++++++++++++++--- 2 files changed, 38 insertions(+), 7 deletions(-) diff --git a/apps/demos/Demos/DataGrid/BatchUpdateRequest/jQuery/index.js b/apps/demos/Demos/DataGrid/BatchUpdateRequest/jQuery/index.js index 3a5059bea534..92666d8eb36e 100644 --- a/apps/demos/Demos/DataGrid/BatchUpdateRequest/jQuery/index.js +++ b/apps/demos/Demos/DataGrid/BatchUpdateRequest/jQuery/index.js @@ -1,5 +1,9 @@ +const BASE_PATH = 'http://localhost:5555'; +//const BASE_PATH = 'https://js.devexpress.com/Demos/NetCore'; +let csrf = null; + $(() => { - const URL = 'https://js.devexpress.com/Demos/NetCore/api/DataGridWebApi'; + const URL = `${BASE_PATH}/api/DataGridBatchUpdateWebApi`; $('#gridContainer').dxDataGrid({ dataSource: DevExpress.data.AspNet.createStore({ @@ -26,7 +30,8 @@ $(() => { if (e.changes.length) { const changes = normalizeChanges(e.changes); - e.promise = sendBatchRequest(`${URL}/Batch`, changes).done(() => { + e.promise = sendBatchRequest(`${URL}/Batch`, changes, + { [csrf['headerName']]: csrf['token'] }).done(() => { e.component.refresh(true).done(() => { e.component.cancelEditData(); }); @@ -77,12 +82,13 @@ $(() => { }); } - function sendBatchRequest(url, changes) { + function sendBatchRequest(url, changes, headers) { const d = $.Deferred(); $.ajax(url, { method: 'POST', data: JSON.stringify(changes), + headers: headers, cache: false, contentType: 'application/json', xhrFields: { withCredentials: true }, @@ -93,3 +99,11 @@ $(() => { return d.promise(); } }); + +(async () => { + const response = await fetch(`${BASE_PATH}/api/Common/GetAntiForgeryToken`, { + credentials: 'include' + }); + const data = await response.text(); + csrf = JSON.parse(data); +})(); diff --git a/apps/demos/Demos/DataGrid/CollaborativeEditing/jQuery/index.js b/apps/demos/Demos/DataGrid/CollaborativeEditing/jQuery/index.js index 91de882ae2a3..fb32c85ac017 100644 --- a/apps/demos/Demos/DataGrid/CollaborativeEditing/jQuery/index.js +++ b/apps/demos/Demos/DataGrid/CollaborativeEditing/jQuery/index.js @@ -1,3 +1,7 @@ +const BASE_PATH = 'http://localhost:5555'; +//const BASE_PATH = 'https://js.devexpress.com/Demos/NetCore'; +let csrf = null; + $(() => { $.type = $.type || function (obj) { if (obj == null) { @@ -7,8 +11,7 @@ $(() => { return typeof obj; }; - const BASE_PATH = 'https://js.devexpress.com/Demos/NetCore/'; - const url = `${BASE_PATH}api/DataGridCollaborativeEditing/`; + const url = `${BASE_PATH}/api/DataGridCollaborativeEditing/`; const groupId = new DevExpress.data.Guid().toString(); const createStore = function () { @@ -20,6 +23,12 @@ $(() => { deleteUrl: url, onBeforeSend(method, ajaxOptions) { ajaxOptions.data.groupId = groupId; + ajaxOptions.xhrFields = { withCredentials: true }; + if (method === 'insert') { + ajaxOptions.headers = { + [csrf['headerName']]: csrf['token'] + }; + } }, }); }; @@ -59,7 +68,7 @@ $(() => { lookup: { dataSource: DevExpress.data.AspNet.createStore({ key: 'ID', - loadUrl: `${BASE_PATH}api/DataGridStatesLookup`, + loadUrl: `${BASE_PATH}/api/DataGridStatesLookup`, }), displayExpr: 'Name', valueExpr: 'ID', @@ -90,7 +99,7 @@ $(() => { createDataGrid('grid1', store1); createDataGrid('grid2', store2); - const hubUrl = `${BASE_PATH}dataGridCollaborativeEditingHub?GroupId=${groupId}`; + const hubUrl = `${BASE_PATH}/DataGridCollaborativeEditingHub?GroupId=${groupId}`; const connection = new signalR.HubConnectionBuilder() .withUrl(hubUrl, { skipNegotiation: true, @@ -114,3 +123,11 @@ $(() => { }); }); }); + +(async () => { + const response = await fetch(`${BASE_PATH}/api/Common/GetAntiForgeryToken`, { + credentials: 'include' + }); + const data = await response.text(); + csrf = JSON.parse(data); +})();