I have an ASP .Net Core 1.1 MVC web app. When I add the [ValidateAntiForgeryToken] decoration to my Edit/Delete/Create controllers, the pages don't load (
HTTP 400 error). Any ideas why? I read somewhere that I have to add a corresponding #HtmlHelper.AntiForgeryToken to my Views, or something like that? But not sure where to put it... However, I've also read that it's not necessary to do this anymoer in ASP .Net Core...
Here is an example of my Edit view for a "Users" controller:
#model InspectionsData.Models.User
#{
ViewData["Title"] = "Edit";
}
<h2>Edit</h2>
<form asp-action="Edit">
<div class="form-horizontal">
<h4>User</h4>
<hr />
<div asp-validation-summary="ModelOnly" class="text-danger"></div>
<div class="form-group" hidden>
<label asp-for="UserId" class="col-md-2 control-label"></label>
<div class="col-md-10">
<input asp-for="UserId" class="form-control" />
<span asp-validation-for="UserId" class="text-danger"></span>
</div>
</div>
<div class="form-group">
<label asp-for="FirstName" class="col-md-2 control-label"></label>
<div class="col-md-10">
<input asp-for="FirstName" class="form-control" />
<span asp-validation-for="FirstName" class="text-danger"></span>
</div>
</div>
<div class="form-group">
<label asp-for="LastName" class="col-md-2 control-label"></label>
<div class="col-md-10">
<input asp-for="LastName" class="form-control" />
<span asp-validation-for="LastName" class="text-danger"></span>
</div>
</div>
</div>
</form>
<div>
<a asp-action="Index">Back to List</a>
</div>
Thank you
You need to change your form declaration to something like the following.
<form asp-controller="User"
asp-action="Edit" method="post" asp-antiforgery="true">
Like you mention, the asp-antiforgery="true" may be optional, but I like to always add that to make sure that I show my intentions. This works for me every time.
Hope this helps.
Yes, you are correct. You don't have to manually put AntiForgeryToken anymore in ASP.NET Core.
The Form tag helper generates a hidden Request Verification Token to
prevent cross-site request forgery (when used with the
[ValidateAntiForgeryToken] attribute in the HTTP Post action method)
Taken from ASP.NET Core docs
Having that said, are you sure your actions correspond to POST request?
Also specifying the Controller is also a good idea.
<form asp-controller="Users" asp-action="Edit">
P.S: Adding the code for your action methods would help solve the issue faster.
Related
In my .nercore razor page project I have a number of forms with multiple onPost handlers - different buttons for different events (eg. add / copy / edit / delete)
My problem is - I do not understand how I can differentiate client-side validation depending on the button pressed.
EDIT
Let's assume, I have the following .cshtml which defines two input data fields and two buttons. By pressing one button (Add) the first Field A should be validated, by pressing the second (copy) - another one (Field B):
#page "{id:int}/{modeR:int}"
#model MyProject.Pages.MyProjectDB.AddRecordModel
#{
ViewData["Title"] = "Add Record";
}
<div class="row">
<div class="col-md-7">
<form method="post" enctype="multipart/form-data">
<div class="form-group">
<label asp-for="myClass.FieldA" class="control-label"></label>
<input asp-for="myClass.FieldA" class="form-control" />
<span asp-validation-for="myClass.FieldA" class="text-danger"></span>
</div>
<div class="form-group">
<label asp-for="myClass.FieldB" class="control-label"></label>
<input asp-for="myClass.FieldB" class="form-control" />
<span asp-validation-for="myClass.FieldB" class="text-danger"></span>
</div>
<div class="form-group">
<button type="submit" value="Add" class="btn btn-success">Add Record)</button>
<button type="submit" value="Copy" class="btn btn-warning">Edit Record</button>
</div>
</form>
</div>
</div>
#section Scripts {
<partial name="_ValidationScriptsPartial" />
}
at the end of my .cshtml page, but it runs always when onPost is called.
I need to run validation "in groups": for one button set of one fields and ignore others, for another - another set and so on like written above
Is there any way to achieve it without writing custom javascript or do it on server side?..
ANOTHER EDIT
The answer was provided for the case where we have clear separation of input fields / buttons. But how can we handle this if we have two input fields and one button. Validation should NOT be fire if either of them is filled in and should fire if both are null. I understand, this sounds a bit strange, but in my example I have one input field and one dropdown-list. So, either a field should be filled-in or an item should be selected from the list, but for code simplicity let's stay with two input fields (Filed A and Field B, one of them should be filled) and one button:
#page "{id:int}/{modeR:int}"
#model MyProject.Pages.MyProjectDB.AddRecordModel
#{
ViewData["Title"] = "Add Record";
}
<div class="row">
<div class="col-md-7">
<form method="post" enctype="multipart/form-data">
<div class="form-group">
<label asp-for="myClass.FieldA" class="control-label"></label>
<input asp-for="myClass.FieldA" class="form-control" />
<span asp-validation-for="myClass.FieldA" class="text-danger"></span>
</div>
<div class="form-group">
<label asp-for="myClass.FieldB" class="control-label"></label>
<input asp-for="myClass.FieldB" class="form-control" />
<span asp-validation-for="myClass.FieldB" class="text-danger"></span>
</div>
<div class="form-group">
<button type="submit" value="Add" class="btn btn-success">Add Record)</button>
</div>
</form>
</div>
</div>
#section Scripts {
<partial name="_ValidationScriptsPartial" />
}
Thanks in advance!
By pressing one button (Add) the first Field A should be validated, by pressing the second (copy) - another one (Field B) should be validated
You can try to put them in separate <form> and specify handler method via the asp-page-handler attribute, like below.
<h1>Go Add Handler</h1>
<form method="post">
<div class="form-group">
<label asp-for="myClass.FieldA" class="control-label"></label>
<input asp-for="myClass.FieldA" class="form-control" />
<span asp-validation-for="myClass.FieldA" class="text-danger"></span>
</div>
<div>
<button type="submit" value="Add" class="btn btn-success" asp-page-handler="Add">Add Record</button>
</div>
</form>
<hr />
<h1>Go Copy Handler</h1>
<form id="myform" method="post">
<div class="form-group">
<label asp-for="myClass.FieldB" class="control-label"></label>
<input asp-for="myClass.FieldB" class="form-control" />
<span asp-validation-for="myClass.FieldB" class="text-danger"></span>
</div>
<div>
<button type="submit" value="Copy" class="btn btn-warning" asp-page-handler="Copy">Edit Record</button>
</div>
</form>
#section scripts{
#await Html.PartialAsync("_ValidationScriptsPartial")
}
Test Result
I'm trying to learn Laravel, and I'm following a series of tutorials called laracast. I'm at episode 24, "Forms that submit PUT requests. The short story is that the markup uses a hidden value to set the method to PUT, although the forms method is set to POST. Still, when I do this, I get the error message from the title:
Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException
The PUT method is not supported for this route. Supported methods: GET, HEAD.
From the tutorials, I'd expect POST to also be a supported method. However, when I try to fix this, all resources I can find simply tells me what I already know. PUT is not supported, but I can fake it/override it, and then they refer to what I have already done... Are there any other reasons why I might get this error message?
HTML Form:
<form method="POST" action="/competition-categories">
#csrf
#method('PUT')
<div class="form-group row">
<label for="competition-category-name-input" class="col-4 col-form-label">Name</label>
<div class="col-8">
<input id="competition-category-name-input" name="competition-category-name-input" type="text" class="form-control" required="required" value="{{ $competitionCategory->name }}">
</div>
</div>
<div class="form-group row">
<label for="competition-category-abbreviation-input" class="col-4 col-form-label">Abbreviation</label>
<div class="col-8">
<input id="competition-category-abbreviation-input" name="competition-category-abbreviation-input" type="text" class="form-control" required="required" value="{{ $competitionCategory->abbreviation }}">
</div>
</div>
<div class="form-group row">
<div class="offset-4 col-8">
<button name="submit" type="submit" class="btn btn-primary">Submit</button>
</div>
</div>
</form>
web.php snippet:
//Competition Categories
Route::get('/competition-categories', 'CompetitionCategoryController#index');
Route::get('/competition-categories/create', 'CompetitionCategoryController#create');
Route::get('/competition-categories/{competitionCategory}', 'CompetitionCategoryController#show');
Route::get('/competition-categories/{competitionCategory}/edit', 'CompetitionCategoryController#edit');
Route::post('/competition-categories/{competitionCategory}', 'CompetitionCategoryController#store');
Route::put('/competition-categories/{competitionCategory}', 'CompetitionCategoryController#udpate');
Route::delete('/competition-categories/{competitionCategory}', 'CompetitionCategoryController#destroy');
Snippet from the controller:
public function update(Request $request, CompetitionCategory $competitionCategory)
{
$competitionCategory->update($this->validateCompetitionCategory());
return redirect()->route('competition-categories' , [$competitionCategory]);
}
You're forgetting the id in form, this should fix your problem:
action="/competition-categories/{{$competitionCategory->id}}"
The most common thing that this happens is your cache. When you add a new route or change something in your routes, always run after php artisan optimize to refresh you cache.
I recommend using the named-routes for more informations and messages see =>
https://laravel.com/docs/7.x/routing#named-routes
Here how to use it according to its GitHub
I already install the package:
Use Opengraph
$data = OpenGraph::fetch("http://www.addemyplus.com/blogs/my-faith-for-your-love");
that may return an array:
{"type":"website","title":"My Faith For Your Love","description":"","image":"http:\/\/www.addemyplus.com\/images\/frontend_images\/blogs\/medium\/57670.jpg"}
My problem is how can I use it on my blade that whenever I type a link in the form it will fetch the Og data of that site.
and show below the image and description
I have this code on form:
<form action="{{route('store_post_path')}}" method="POST">
{{csrf_field()}}
<div class="form-group">
<label class="sr-only" for="title">title</label>
<input type="text" class="form-control" name="title" placeholder="Your Post Title or Question">
</div>
<div class="form-group">
<label class="sr-only" for="post">post</label>
<textarea class="form-control" name="post_content" id="post_content" rows="3" placeholder="Briefly explain your question or Your Post Content"></textarea>
</div>
<div class="tab-pane fade" id="images" role="tabpanel" aria-labelledby="images-tab">
<div class="form-group">
<div class="custom-file">
</div>
</div>
<div class="py-4"></div>
</div>
<div class="btn-toolbar justify-content-between">
<div class="btn-group">
<button type="Submit" class="btn btn-primary">Share your Post</button>
</div>
</div>
</form>
How can I use the code to fetch the Og property of the link? I want to view the image and title of the link below before submitting my post.. Please show some tutorial sites for this.
Get the link from the form in post content. You can do it using regex.
function getUrl($string)
{
$regex = '/https?\:\/\/[^\" ]+/i';
preg_match_all($regex, $string, $match);
return ($match);
}
$url = getUrl($string)
If there are any links in post content you will get array of links.
Use OpenGraph::fetch($url) to fetch the OG data of the url. That you can show in the view.
i have a dropdown list when i select any one option from list i should display an another form with name of the teacher and subject of the teacher in textbox.The form is not displaying.when i select one item it should display the selected name and description box to add subjects of teachers that they interested please help me
view page
<div class="portlet light bordered row">
<h1>Add teacher subject</h1>
<div class="row">
<form action = "{{ url('subjectby/adding/process') }}" method = "POST">
{{ csrf_field() }}
<div class= "col-md-12">
<div class="form-group">
<h3>Choose Teachers </h3>
<div class="input-group">
<div class="ui-widget border-dropdown" style="margin-left:50px;">
<select id="teacher" name="teachers" placeholder="Select Teacher">
<option value="">Select Teacher</option>
#foreach($user as $tec)
<option value="{{$tec->id}}">{{$tec->name}}</option>
#endforeach
</select>
</div>
</div>
</div>
</div>
<div class="col-md-12">
<div class="new">
<div class="form-group">
<div class="col-sm-6">
<label for="inputFacebook">Teacher Name</label>
<input type=hidden value="{{$tec->id}}" name="id">
<input type="text" value="{{$tec->name}}" class="form-control" name="name">
</div>
</div>
<div class="form-group">
<div class="col-sm-12">
<label for="inputDescription">Subject Interested</label>
<textarea class="form-control" rows="8" name="intr" placeholder="Enter Subject Interest"> </textarea>
</div>
</div>
<div class="form-group">
<div class="col-sm-12">
<input type="submit" value="add" name=b1>
</div>
</div>
</div>
</div>
</form>
</div>
</div>
This isn't a Laravel specific problem. You are taking about DOM manipulation and so you best bet is to use jQuery or Vuejs or even vanilla Javascript if you so choose. Basically, you will write a script to watch for when your <select> changes, and then based on it's new value, show the part of the form you want.
Keep in mind that Laravel is a backend framework and so the user will never interact with it on a page. After a page loads, Laravel has done all it can do until another request is made. This is why Javascript was born - to let the user change things without reloading the page.
I need to integrate an web based html editor in asp.net core project. I downloaded CKEditor and placed the unzipped folder in wwwroot folder.
I have referenced "ckeditor.js" in _Layout.cshtml using following script tag.
<script src="~/ckeditor/ckeditor.js" type="text/javascript">
</script>
Then, I've used following code to display the editor.
<textarea id="editor1" name="editor1">
</textarea>
<script type="text/javascript">CKEDITOR.replace('editor1');</script>
On using these lines of code in the empty About.cshtml of Home Folder, the editor was displayed. But the editor was not displayed when using the same code in another .cshtml file. The Code is given below
<div class="panel">
<div class="panel-heading border">
Create User
</div>
<div class="panel-body">
<div class="row no-margin">
<div class="col-lg-12">
<form asp-action="Edit" class="form-horizontal bordered-group" role="form">
<div asp-validation-summary="ModelOnly" class="text-danger"></div>
<input type="hidden" asp-for="_id" />
<div class="form-group">
<label asp-for="Subject" class="col-sm-2 control-label"></label>
<div class="col-sm-10">
<input asp-for="Subject" class="form-control" />
<span asp-validation-for="Subject" class="text-danger" />
</div>
</div>
<div class="form-group">
<label asp-for="MailFrom" class="col-sm-2 control-label"></label>
<div class="col-sm-10">
<input asp-for="MailFrom" class="form-control" />
<span asp-validation-for="MailFrom" class="text-danger" />
</div>
</div>
<div class="form-group">
<label asp-for="Body" class="col-sm-2 control-label"></label>
<div class="col-sm-10">
#* CKEDitor *#
<textarea id="editor1" name="editor1">
</textarea>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<input type="submit" value="Update" class="btn btn-default" />
</div>
</div>
</form>
</div>
</div>
</div>
</div>
<script type="text/javascript">CKEDITOR.replace('editor1');</script>
Why is the editor not displayed in another cshtml file?
I've also faced the same problem while integrating CKEditor in aps.net mvc project. After trying to determine the error I found that the Layout of the page is different. You may have the same problem.
Use id attribute and use a hash on the name.
<script type="text/javascript">CKEDITOR.replace('#editor1');</script>