I’m trying to request a Ajax POST, and I’m getting the error 403 (Forbidden) and the error Missing CSRF token body📋
It’s running on the IIS server, and it’s the 4.0 Cake
This is the ajax call, the Headers line I found in another forum, but successless
$.ajax({
url: url,
type: 'POST',
contentType: false,
processData: false,
headers: {
'X-CSRF-Token': "<?= $this->request->getParam('_csrfToken'); ?>"
},
data: function(){
var data = new FormData();
idanexo = '#Anexos'+tarefa;
jQuery.each(jQuery(idanexo)[0].files, function(i, file) {
data.append('file-'+i, file);
});
data.append( 'Comentario', comentario );
data.append( 'NumTarefa', tarefa );
return data;
}(),
success: function(result) {
viewTarefa(tarefa);
},
});
In the Application.php, there’s this function:
public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
{
$csrf = new CsrfProtectionMiddleware();
$middlewareQueue
// Catch any exceptions in the lower layers,
// and make an error page/response
->add(new ErrorHandlerMiddleware(Configure::read('Error')))
// Handle plugin/theme assets like CakePHP normally does.
->add(new AssetMiddleware([
'cacheTime' => Configure::read('Asset.cacheTime'),
]))
->add(new RoutingMiddleware($this));
// Ensure routing middleware is added to the queue before CSRF protection middleware.
$middlewareQueue->add($csrf);
return $middlewareQueue;
}