I got an ASP NET Core RazorPage having a button which asynchronously replaces a part of the given HTML using an AJAX request.
Besides some text content it renders another button which is intended to post back the side when clicked. It is surrounded by a form element.
However, clicking the button I receive an HTTP 400 with the information "This page isn't working" (Chrome). Other browsers like Firefox return an HTTP 400 as well.
The relevant HTML with the button which has been created by the AJAX call is the one below:
<form method="post">
<button class="btnIcon" title="Todos" id="btnTodos" formaction="PersonManagement/Parts/MyPageName?handler=PerformTodos">Execute action</button>
</form>
As the url exists (I doublechecked it using the browser with a simple GET) I wonder whether the issue could be due to some security settings along with the browser or is there anything I am perhaps missing out here?
Thank you for any hint
Two things here first add this attribute to your form asp-antiforgery="true", then send it's value to the server in your AJAX post request.
jQuery magic starts here :)
token: $('[name=__RequestVerificationToken]').val(),
Antiforgery is ON by default since .net core 2.0 (as far as I remember), so if you do AJAX post you need to send the antiforgery token with each request.
Let us know if it helps. Spread knowledge don't hide it just for yourself :P
Finally I came across a very interesting article from Matthew Jones at https://exceptionnotfound.net/using-anti-forgery-tokens-in-asp-net-core-razor-pages/ about Anti-Forgery Tokens in Razor pages. Worth reading, indeed.
However, independently from that article what solved my issue was simply not to add the <form .. element at the client-side, but already at the server-side. As there is no need for me to explicitly adding it at the client-side, but only the button itself, this is a solution for me which works properly.
A brief summary of my scenario now:
There is a Razor Page containing usual cshtml content along with a <form method="post"..
Some anchor elements also are included, one is triggering a JQuery AJAX call to the server
The JQuery call comes back from the server with some additional HTML including the post button which which I add to the existing HTML.
The button is being rendered inside the now already existing
Clicking the button causes the page to post back in the wanted manner and executes the handler as intended.
Thanks again Stoyan for your input and help with that.
Related
Is there a way to post between razor pages without disabling the Anti-forgery Token? I appreciate that sounds stupid, but what I'd like the user to be able to do is submit a mini version of the contact us form on one page and the submit action takes them to a different razor page where they can continue to fill in the rest of the form. It's essentially so we can include a mini contact us form in the footer of all pages as a view component. The view component can't handle the post because there is no endpoint for the view component. Whereas this could probably be achieved by carrying the form data on the query string, that then exposes their name/email data which is undesirable. Adding the [IgnoreAntiforgeryToken] attribute on the contact us page works, but is there a way to make it work without removing the validation/checks?
I have some dynamic content that is loaded by AJAX and added to the current page. This content is essentially a form that is rendered on the server-side which includes client-side validation attributes. The problem is, when the resulting form is validated using unobtrusive validation - the original plus the dynamic, AJAX-loaded -, the validation on the form part that came from AJAX does not fire.
Is it possible to include it in the client validation?
The solution was to do:
//add content to the form
$(form).removeData("validator").removeData("unobtrusiveValidation");
$.validator.unobtrusive.parse(form);
There is documentation from Microsoft available at https://learn.microsoft.com/en-us/aspnet/core/mvc/models/validation#client-side-validation, but it has a small error, on which the removeData method is being called on the form element instead of the jQuery wrapping it.
I am getting this error most of the time when I submit my form. I am using Sitefinity 6.2 with ASP.NET MVC 4.0 and JQuery Mobile.
As I have Sitefinity in Hybred mode I am using the #Html.BeginFormSitefinity() command to create the form. On the Controller I have my action with the [HttpPost] attribute. The code always hits my default action on the controller with no problem. No matter what I put in the form when I submit I only get an error message on the page...never hits the HttpPost action.
I've looked around and there are many pages with fixes for the MAC failed issue, but none are working for me. I have a machine key in the web.config and I am NOT going to set enableViewStateMac to false as that is a security hole.
OK I tried working with both of the below solutions but they are both really bad. Here is what I am doing now, which is still not great, but I have Sitefinity, MVC, and JQuery Mobile all on the same page and forms are not giving me View State Exceptions anymore.
First thing is that adding data-ajax="false" is not enough, for this to work you need to disable Ajax before JQuery Mobile starts. So, to do this you need to add in this script BEFORE the JQuery Mobile File loads but after the JQuery file loads.
$(document).bind("mobileinit", function () { $.mobile.ajaxEnabled = false; });
After doing this I then do not use the Sitefinity Begin Form, I just JQuery to change the form on the main page to have the correct action.
<script>
$("#aspnetForm").attr("action", "Home/Login");
</script>
Together this means that there is a complete page load for each page change, and form posts use the form declared in my WebForms Master Page.
-Old Answer -
Actually...what I have below is not working. What I am
currently doing is really ugly but is usually working.
As long as the user enters the site from the home page then the home
page is the Jquery Mobile first page. The view state errors that I
was getting was because it saw the current page as the first page and
the form submit was to the active page. What if the controller for
the home page was just set to handle ALL HTTPPost calls? I have
removed the #Html.BeginFormSitefinity() from all the views with forms
and am just using the form on my top level masterpage. Then I add in
code on the view to change the action of this form to point to the
main page controller. ex
<script>
$("#aspnetForm").attr("action", "Home/Login");
</script>
Once I made this change the forms are not throwing view state
exceptions...as long as the home page is the Jquery Mobile first page.
If the user comes in from a different page then all is scrambled.
Don't have an answer for that yet.
Really Old Answer -
OK, think I have found it. I read somewhere, lost the link now, a
list of issues that can cause the error message. One of them is the
form being submitted from a different page.
I looked at the error message I was getting with Fiddler and noticed
that the Referer was my home page but the URL of the form post was the
URL for the page with my form. In stead of browsing through my site
to the page with the form I typed the URL in the address bar. I tried
submitting my form again and now it works!
So, this is an issue of Sitefinity and JQuery Mobile fighting it out.
When asp.net MVC is run in Hybred mode in Sitefinity it is actually
run in a Web.Forms master page that contains a form. When you use the
#Html.BeginFormSitefinity() to add a form to the view it is actually
just adding a div and then using AJAX to submit the form on the
Web.Forms master page.
JQuery Mobile loads up the first page that you visit, but later pages
are just injected into the existing page. So, there are multiple
data-role="page" divs loaded up in the DOM, inside of the Sitefinity
Web.Forms Master Page.
This all together is causing the form to post with the URL of the
active data-role="page" but the server sees that it is being refered
from the original page I loaded up. So, if I went to the page with
the form first all would work, start at any other page it does not
work.
Now that I know this I can put in data-ajax="false" on the link to the
page with the form and all looks to be working. This will cause
JQuery Mobile to not inject the target page into the current page but
will load all fresh with the target.
data-ajax="false" is the answer!
I have an ASP page (I did not write it and cannot change it) that calls an ASPX page written in VB.NET (I can change it)
Here is code from the ASP page:
<A style="CURSOR: pointer" title="View document" onclick="javascript:window.open('https://MYSERVER/MYPAGE.aspx?param=0123456789', 'popup');">View </A>
So, it pops the page with a parameter, but in order to do something, MYPAGE must know what URL the request came from. Now the problem is Request.UrlReferrer is NULL.
how do I find out which URL the request came from?
Thank you
EDIT: Just making sure everyone understands - I CANNOT change the ASP page. It remains the same opening a new window calling the 2nd page with onclick="javascript:window.open('https://MYSERVER/MYPAGE.aspx?param=0123456789'. The ONLY page I can change is the 2nd page, the one that got called.
You cannot rely on UrlReferrer since it is obtained from a header field that the browser should send, but does not in a number of cases.
The safest and best option is to get the ASP page to provide a param in the URL to identify the requestor.
If you cannot do this, another potential option is to leave the current page in place for the ASP page and create a new page for all other requests that route to the old page with an appropriate parameter to identify the source of the traffic (or vice versa).
I need to POST a HTML form to a 3rd party website (a Mass-SMS texting system).
In the past I've done this by forwarding to a page containing a form I've pre-populated and hidden (using display:none), then I've ran a javascript function at the end of the page to automatically submit this form.
However I'm hoping theres someway I can do all this programmatically (as I don't care about the response, and the user doesn't need to see the page the form is being posted to).
How can I do this? Cheers
You could use a WebClient.UploadValues method to send an HTTP POST request to a remote server from your code behind. Just fill up the name/value collection with the values coming from the hidden fields.
If you're willing to get into PHP, you can very easily use cURL for this.
Otherwise it's going to be quite difficult using just Javascript.
See here for a detailed tutorial.