Add CSRF token to header of POST requests made with AjaxStore
Posted: Thu Jan 17, 2019 3:11 pm
I am trying to get a Bryntum Grid working with a PHP backend made with the Laravel famework. I want to use the AjaxStore to read, create, update and delete records in my backend, but I've run into a snag: it seems that you can only configure the urls of these CRUD actions. My backend uses a CSRF token which needs to be sent in either the header or the POST body (preferably the header), but I cannot figure out how to sent this token with the AjaxStore.
I have read the AjaxStore documentation page (https://www.bryntum.com/docs/grid/#Comm ... /AjaxStore), and cannot find anything about this. I am wondering if this is supported by the Grid, or if it needs to be custom-built by me.
Can anyone help me? I would expect that there would be some way to either:
- Add a default header for requests made by the AjaxStore
- Add a header (or parameter in the POST body) in some on-commit event/hook (it seems there are some events that may be usable for this, but the documentation never mentions that the request that will be made can be modified; the events I am referring to are 'beforeCommit' and 'beforeRequest')
Is there a way to do either of the above? If not, can anybody help me think of a way to fix this problem? Currently, I am thinking about the following solutions:
- Add the CSRF token as a hidden column to the grid (not really desirable, since this would be added for every row, and an extra column will need to be managed, even though it doesn't do all that much)
- Extend the AjaxStore to add either of the above features, and swap the store used in my grid with this new AjaxStore
- Don't use the AjaxStore, but use a normal store, and manage all ajax communication in a completely separate class
Can anybody tell me if any of these solutions are feasible (or if they are not: why)?
I have read the AjaxStore documentation page (https://www.bryntum.com/docs/grid/#Comm ... /AjaxStore), and cannot find anything about this. I am wondering if this is supported by the Grid, or if it needs to be custom-built by me.
Can anyone help me? I would expect that there would be some way to either:
- Add a default header for requests made by the AjaxStore
- Add a header (or parameter in the POST body) in some on-commit event/hook (it seems there are some events that may be usable for this, but the documentation never mentions that the request that will be made can be modified; the events I am referring to are 'beforeCommit' and 'beforeRequest')
Is there a way to do either of the above? If not, can anybody help me think of a way to fix this problem? Currently, I am thinking about the following solutions:
- Add the CSRF token as a hidden column to the grid (not really desirable, since this would be added for every row, and an extra column will need to be managed, even though it doesn't do all that much)
- Extend the AjaxStore to add either of the above features, and swap the store used in my grid with this new AjaxStore
- Don't use the AjaxStore, but use a normal store, and manage all ajax communication in a completely separate class
Can anybody tell me if any of these solutions are feasible (or if they are not: why)?