Where do ajax post calls get started?

[Juan Pablo Santos Rodríguez <ju...@gmail.com>]

Hi,

I'm writing a csrf prevention filter for post requests on JSPWiki. So far
everything is going fine looking for posts requests via ajax: preview is
started by an AJAX POST call to AJAXPreview.jsp, but I can't find where the
call is started. The only place that seems to be calling is jspwiki-edit.js
file, but that's a get.

Something similar happens with calls to AJAXSearch.jsp. There's also a
couple of ajax[json|html] functions at jspwiki-common.js but I don't see
where/when are they called.

I'll keep looking, but any pointers in the meantime would be most welcomed
:-)


Cheers,
juan pablo

Re: Where do ajax post calls get started?

[Juan Pablo Santos Rodríguez <ju...@gmail.com>]

Hi,

answering to self, in case it is helpful for others, there are several
"new Request().." invocations on the *js filesthat perform the calls.
As a bonus, all <meta/> fields whose name begins with "wiki" is
automatically loaded into the Wiki object so you can do things like:

[...]
data: { page: Wiki.PageName, wikimarkup: "[{Groups}]()",
'X-XSRF-TOKEN': wiki.CsrfProtection },


best regards,
juan pablo

On Fri, Jul 1, 2022 at 5:13 PM Juan Pablo Santos Rodríguez
<ju...@gmail.com> wrote:
>
> Hi,
>
> I'm writing a csrf prevention filter for post requests on JSPWiki. So far everything is going fine looking for posts requests via ajax: preview is started by an AJAX POST call to AJAXPreview.jsp, but I can't find where the call is started. The only place that seems to be calling is jspwiki-edit.js file, but that's a get.
>
> Something similar happens with calls to AJAXSearch.jsp. There's also a couple of ajax[json|html] functions at jspwiki-common.js but I don't see where/when are they called.
>
> I'll keep looking, but any pointers in the meantime would be most welcomed :-)
>
>
> Cheers,
> juan pablo
>
>