I'm trying to send file, it works with common form confirm, but don't with XHR.
Here my HTML:
<form action="ajax/upload.php" method="post" name="form1" enctype="multipart/form-data" id="id1">
<input type="file" name="input1">
<input type="submit" name="submit1">
</form>
<form action="ajax/upload.php" method="post" name="form2" id="id2">
<input type="file" name="input2">
<input type="submit" name="submit2">
</form>
JS:
document.querySelector('#id2').onsubmit = function(e) {
e.preventDefault();
var file = document.querySelector('#id2 input[type="file"]').files[0];
var xhr = new XMLHttpRequest();
xhr.open("POST", "ajax/upload.php", true);
var boundary = String(Math.random()).slice(2);
xhr.setRequestHeader('Content-Type', 'multipart/form-data; boundary=' + boundary);
xhr.send(file);
}
PHP:
echo '<pre>';
var_dump($_REQUEST);
echo 'print_r($_FILES); <br>';
echo 'Result: <br><br>';
print_r($_FILES);
print "</pre>";
I send same file, responses for common submit:
array(1) {
["submit1"]=>
string(31) "Отправить запрос"
}
print_r($_FILES);
Result:
Array
(
[input1] => Array
(
[name] => CRC75.otf
[type] => application/vnd.oasis.opendocument.formula-template
[tmp_name] => /tmp/phpbNWcgk
[error] => 0
[size] => 411456
)
)
For AJAX:
array(0) {
}
print_r($_FILES);
Result:
Array
(
)
I can't understand why, file attached exist:
document.querySelector('#id2 input[type="file"]').files[0]
File { name: "CRC75.otf", lastModified: 1529516347000, webkitRelativePath: "", size: 411456, type: "application/vnd.oasis.opendocument.formula-template" }
Headers of AJAX request looks normal
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en;q=0.5
Connection: keep-alive
Content-Length: 411456
Content-Type: multipart/form-data; boundary=44316423440108066
Host: localhost
Referer: http://localhost/
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linu…) Gecko/20100101 Firefox/61.0
P.S.: It's the requirement that I cannot send a POST request.
You can't send a File directly in the send() parameter, you need to use a FormData object.
document.querySelector('#id2').onsubmit = function(e) {
e.preventDefault();
var formdata = new FormData;
var file = document.querySelector('#id2 input[type="file"]').files[0];
formdata.append("input2", file);
formdata.append("submit2", "Отправить запрос");
var xhr = new XMLHttpRequest();
xhr.open("POST", "ajax/upload.php", true);
xhr.send(formdata);
}
Don't use xhr.setRequestHeader() to set the Content-type header. This is done automatically by the browser. If you do it yourself, the boundary you specify won't match what it's actually sending.
I'm trying to send form data along with (optional) file from Javascript to ASP.NET MVC WebAPI controller. Data for sending is prepared in the following way:
var save = function () {
if (!validate())
return;
var details = new RecipeDetails();
details.id = recipeDetails.id;
details.name = name();
details.description = description() !== "" ? description() : null;
details.preparationTime = preparationTime();
details.totalTime = totalTime();
details.portions = portions() !== "" ? portions() : null;
var formData = new FormData();
formData.append("id", details.id);
formData.append("name", details.name);
formData.append("description", details.description);
formData.append("preparationTime", details.preparationTime);
formData.append("totalTime", details.totalTime);
formData.append("portions", details.portions);
recipeService.updateRecipeDetails(formData, saveSucceeded, saveFailed);
spinnerVisible(true);
};
I don't send picture yet. Service sends data in the following way:
var postFormData = function (url, formData, success, failure) {
$.ajax({
type: "POST",
url: url,
contentType: false,
data: formData,
cache: false,
processData: false,
success: success,
error: failure
});
};
It looks like Javascript sends data correctly, request payload looks like following:
------WebKitFormBoundaryo4APLG1O4LUg7fSf
Content-Disposition: form-data; name="id"
1
------WebKitFormBoundaryo4APLG1O4LUg7fSf
Content-Disposition: form-data; name="name"
Naleśniki1
------WebKitFormBoundaryo4APLG1O4LUg7fSf
Content-Disposition: form-data; name="description"
Opis
------WebKitFormBoundaryo4APLG1O4LUg7fSf
Content-Disposition: form-data; name="preparationTime"
00:15:00
------WebKitFormBoundaryo4APLG1O4LUg7fSf
Content-Disposition: form-data; name="totalTime"
00:20:00
------WebKitFormBoundaryo4APLG1O4LUg7fSf
Content-Disposition: form-data; name="portions"
4
------WebKitFormBoundaryo4APLG1O4LUg7fSf--
The controller's action looks like following:
[HttpPost]
[Authorize]
public HttpResponseMessage UpdateRecipeDetails(RecipeDetailsDto details)
{
int userId = User.Identity.GetId();
recipeService.UpdateRecipeDetails(userId, details);
return Request.CreateResponse(details);
}
Now the problem is, that Javascript receives 500 error and control never enters the UpdateRecipeDetails method.
Now to clarify:
I was first sending the form simply through POST body and everything worked, so it doesn't seem to be a problem with deserializing JSON;
I looked into IIS Express logs for clues, but there are none;
Nothing is inside Output/Debug pane in VS
Why cannot I send form data through FormData?
Response headers:
Request URL:http://localhost:6868/api/RecipeBackend/UpdateRecipeDetails
Request Method:POST
Status Code:500 Internal Server Error
Remote Address:[::1]:6868
Referrer Policy:no-referrer-when-downgrade
Cache-Control:no-cache
Content-Length:0
Date:Mon, 30 Oct 2017 10:47:36 GMT
Expires:-1
Pragma:no-cache
Server:Microsoft-IIS/10.0
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET
X-SourceFiles:=(...)=
I am trying to get a Ping message back from an API of a channel manager for hotels. (XML Open Travel Alliance)
I made the HTTP XML POST request first with SoapUI-5.3.0 tool including the following parameter:
otaRQ: <OTA_PingRQ xmlns="http://www.opentravel.org/OTA/2003/05" Version="3.30" TimeStamp="2011-07-24T10:07:24" Target="Production"> <EchoData><![CDATA[Hello World!!]]> </EchoData> </OTA_PingRQ>
and received the following XML response:
<OTA_PingRS PrimaryLangID="en" Target="Production" TimeStamp="2017-03-21T09:43:55" Version="3.00" xmlns="http://www.opentravel.org/OTA/2003/05">
<Success/>
<EchoData>Hello World!!</EchoData>
</OTA_PingRS>
I included the same parameter in the http POST request in NodeJS in the options variable in the headers object. (see code below)
Still I recieve the following response: 200 "'otaRQ' is missing in post-form data!"
So my question is, how do I get the same response like with SoapUI-5.3.0?
Thanks a lot for the efforts!
var http = require('http');
var body = '<OTA_PingRQ xmlns="http://www.opentravel.org/OTA/2003/05" Version="3.30" TimeStamp="2011-07-24T10:07:24" Target="Production"> <EchoData><![CDATA[Hello World!!]]></EchoData> </OTA_PingRQ>'
var postRequest = {
hostname: "cultswitch.cultuzz.de",
path: "/cultswitch/processOTA",
method: "POST",
port: 8080,
headers: {
'otaRQ': '<OTA_PingRQ xmlns="http://www.opentravel.org/OTA/2003/05" Version="3.30" TimeStamp="2011-07-24T10:07:24" Target="Production"> <EchoData><![CDATA[Hello World!!]]> </EchoData> </OTA_PingRQ>',
'Cookie': "cookie",
'Content-Type': 'text/xml',
'Content-Length': Buffer.byteLength(body)
}
};
var buffer = "";
var req = http.request( postRequest, function( res ) {
console.log( res.statusCode );
var buffer = "";
res.on( "data", function( data ) { buffer = buffer + data; } );
res.on( "end", function( data ) { console.log( buffer ); } );
});
req.on('error', function(e) {
console.log('problem with request: ' + e.message);
});
req.write( body );
req.end();
Excerpt from channel manager provider:
The data exchange will be carried out using the standard HTTP protocol. The
request message should be sent as POST-DATA within a parameter called 'otaRQ'
and the reply message will be written directly into the HTTP-Response by the
CultSwitch. CultSwitch accepts request in "text/xml" format only. CultSwitch also
supports gzip compression for every request and response. The requesting system
should set proper request headers. "PrimaryLangID" is mandatory to post any
request to CultSwitch.
I see that it requires your parameter be called otaRQ. You have not done that. Try this:
var body = 'otaRQ=<OTA_PingRQ xmlns="http://www.opentravel.org/OTA/2003/05" Version="3.30" TimeStamp="2011-07-24T10:07:24" Target="Production"> <EchoData><![CDATA[Hello World!!]]></EchoData> </OTA_PingRQ>'
Since your error message says that you are missing post-form data, try setting your content-type header to "application/x-www-form-urlencoded".
So, 'Content-type': 'application/x-www-form-urlencoded',
I am trying to upload images and couple of form elements to a MVC Controller. The problem here isn't the model not being populated, because it works with application/x-www-form-urlencoded but seems to have trouble with multipart/form-data. The core of the problem is, that Request.Form is not being populated...
Converting Form to FormData:
function frmValuesAsFormData(submittedForm) {
return new FormData(submittedForm);
}
AJAX Function (asFormData is passed in as True in this case and method is POST and dataType is JSON):
function executeAJAX(method, url, data, asFormData, silent, callbackFunc, receiveFunc, dataType, targetDiv, appendToExistingContent, uid) {
var cType = "application/x-www-form-urlencoded";
var processData = true;
if (asFormData) {
cType = "multipart/form-data";
processData = false;
}
$.ajax({
method: method,
url: url,
data: data,
contentType: cType,
cache: false,
dataType: dataType,
processData: processData,
success: function (d, t, j) {
// Do something with result from controller...
}
});
}
POST Headers (From FireBug)
Accept application/json, text/javascript, /; q=0.01
Accept-Encoding gzip, deflate Accept-Language en-GB,en;q=0.5
Content-Length 936 Content-Type multipart/form-data Cookie
ASP.NET_SessionId=mzppxvimv03qb0smtyrgdw3z Host localhost:64727
Referer http://localhost:64727/Home/Contact User-Agent Mozilla/5.0
(Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0
X-Requested-With XMLHttpRequest
POST Example (From FireBug):
-----------------------------26439188689323 Content-Disposition: form-data; name="imageFiles"; filename="WWKDK33.jpg" Content-Type:
image/jpeg
PNG ��� IHDR��"��"����xÕj��7IDATxÚíÚKÂ
ÐÞÿÒz�B3~Þ,Õb|nHàøÈ!B"D"D!B$!B"D"D!B$
!B"Dcdtå]µ
B"D!BÔKtb_xv-!B"Dunð+¯uÔ"D!BÑS*ï"B"D!B(Õl
B"D!B
ô¢ïü·½ä~"D!B¢URi,ÖÕ"D!BQ/Q:ò[*E"D!B¨a¼ÙôWÿéf"D!B¢]
HæL~eD!B"DöÍ_ÉòGGkA"D!BèD±}Çõò4
!B"DZôÀ½rª�"D!B¢eD¡¡y¡éøk!B
"D!ZGÔ;¯49ÛD!B"D"cöÊ#fåQ^D!B"D®I4_à|Ci#J!B"DÝ(s°
"D!B¢{7 £ÌÁ"D!B"D½DgBæant¿"D!BÑÖý¤ôm
"D!B"D"D!B$!B"A"D!D!B"A"D!ß|ÜYÆ
®«����IEND®B`
-----------------------------26439188689323 Content-Disposition: form-data; name="uploaderMode"
tournament
-----------------------------26439188689323--
Anyone any clues as to why it doesn't work? Thanks!
The issue is because when you send a FormData object in the request you have to set contentType to false so that no content-type header is sent. Try this:
if (asFormData) {
cType = false;
processData = false;
}
Also note that you could remove the need to send the asFormData property to your function entirely by just checking the type of the data property:
if (data.constructor == FormData) {
cType = false;
processData = false;
}
I have a machine on my local lan (machineA) that has two web servers. The first is the in-built one in XBMC (on port 8080) and displays our library. The second server is a CherryPy python script (port 8081) that I am using to trigger a file conversion on demand. The file conversion is triggered by a AJAX POST request from the page served from the XBMC server.
Goto http://machineA:8080 which displays library
Library is displayed
User clicks on 'convert' link which issues the following command -
jQuery Ajax Request
$.post('http://machineA:8081', {file_url: 'asfd'}, function(d){console.log(d)})
The browser issues a HTTP OPTIONS request with the following headers;
Request Header - OPTIONS
Host: machineA:8081
User-Agent: ... Firefox/4.01
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Origin: http://machineA:8080
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with
The server responds with the following;
Response Header - OPTIONS (STATUS = 200 OK)
Content-Length: 0
Access-Control-Allow-Headers: *
Access-Control-Max-Age: 1728000
Server: CherryPy/3.2.0
Date: Thu, 21 Apr 2011 22:40:29 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/html;charset=ISO-8859-1
The conversation then stops. The browser, should in theory, issue a POST request as the server responded with the correct (?) CORS headers (Access-Control-Allow-Origin: *)
For troubleshooting, I have also issued the same $.post command from http://jquery.com. This is where I am stumped, from jquery.com, the post request works, a OPTIONS request is sent following by a POST. The headers from this transaction are below;
Request Header - OPTIONS
Host: machineA:8081
User-Agent: ... Firefox/4.01
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Origin: http://jquery.com
Access-Control-Request-Method: POST
Response Header - OPTIONS (STATUS = 200 OK)
Content-Length: 0
Access-Control-Allow-Headers: *
Access-Control-Max-Age: 1728000
Server: CherryPy/3.2.0
Date: Thu, 21 Apr 2011 22:37:59 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/html;charset=ISO-8859-1
Request Header - POST
Host: machineA:8081
User-Agent: ... Firefox/4.01
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://jquery.com/
Content-Length: 12
Origin: http://jquery.com
Pragma: no-cache
Cache-Control: no-cache
Response Header - POST (STATUS = 200 OK)
Content-Length: 32
Access-Control-Allow-Headers: *
Access-Control-Max-Age: 1728000
Server: CherryPy/3.2.0
Date: Thu, 21 Apr 2011 22:37:59 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/json
I can't work out why the same request would work from one site, but not the other. I am hoping someone might be able to point out what I am missing. Thanks for your help!
I finally stumbled upon this link "A CORS POST request works from plain javascript, but why not with jQuery?" that notes that jQuery 1.5.1 adds the
Access-Control-Request-Headers: x-requested-with
header to all CORS requests. jQuery 1.5.2 does not do this. Also, according to the same question, setting a server response header of
Access-Control-Allow-Headers: *
does not allow the response to continue. You need to ensure the response header specifically includes the required headers. ie:
Access-Control-Allow-Headers: x-requested-with
REQUEST:
$.ajax({
url: "http://localhost:8079/students/add/",
type: "POST",
crossDomain: true,
data: JSON.stringify(somejson),
dataType: "json",
success: function (response) {
var resp = JSON.parse(response)
alert(resp.status);
},
error: function (xhr, status) {
alert("error");
}
});
RESPONSE:
response = HttpResponse(json.dumps('{"status" : "success"}'))
response.__setitem__("Content-type", "application/json")
response.__setitem__("Access-Control-Allow-Origin", "*")
return response
I solved my own problem when using google distance matrix API by setting my request header with Jquery ajax. take a look below.
var settings = {
'cache': false,
'dataType': "jsonp",
"async": true,
"crossDomain": true,
"url": "https://maps.googleapis.com/maps/api/distancematrix/json?units=metric&origins=place_id:"+me.originPlaceId+"&destinations=place_id:"+me.destinationPlaceId+"®ion=ng&units=metric&key=mykey",
"method": "GET",
"headers": {
"accept": "application/json",
"Access-Control-Allow-Origin":"*"
}
}
$.ajax(settings).done(function (response) {
console.log(response);
});
Note what i added at the settings
**
"headers": {
"accept": "application/json",
"Access-Control-Allow-Origin":"*"
}
**
I hope this helps.
Took me some time to find the solution.
In case your server response correctly and the request is the problem, you should add withCredentials: true to the xhrFields in the request:
$.ajax({
url: url,
type: method,
// This is the important part
xhrFields: {
withCredentials: true
},
// This is the important part
data: data,
success: function (response) {
// handle the response
},
error: function (xhr, status) {
// handle errors
}
});
Note: jQuery >= 1.5.1 is required
Well I struggled with this issue for a couple of weeks.
The easiest, most compliant and non hacky way to do this is to probably use a provider JavaScript API which does not make browser based calls and can handle Cross Origin requests.
E.g. Facebook JavaScript API and Google JS API.
In case your API provider is not current and does not support Cross Origin Resource Origin '*' header in its response and does not have a JS api (Yes I am talking about you Yahoo ),you are struck with one of three options-
Using jsonp in your requests which adds a callback function to your URL where you can handle your response.
Caveat this will change the request URL so your API server must be equipped to handle the ?callback= at the end of the URL.
Send the request to your API server which is controller by you and is either in the same domain as the client or has Cross Origin Resource Sharing enabled from where you can proxy the request to the 3rd party API server.
Probably most useful in cases where you are making OAuth requests and need to handle user interaction Haha! window.open('url',"newwindowname",'_blank', 'toolbar=0,location=0,menubar=0')
This is a summary of what worked for me:
Define a new function (wrapped $.ajax to simplify):
jQuery.postCORS = function(url, data, func) {
if(func == undefined) func = function(){};
return $.ajax({
type: 'POST',
url: url,
data: data,
dataType: 'json',
contentType: 'application/x-www-form-urlencoded',
xhrFields: { withCredentials: true },
success: function(res) { func(res) },
error: function() {
func({})
}
});
}
Usage:
$.postCORS("https://example.com/service.json",{ x : 1 },function(obj){
if(obj.ok) {
...
}
});
Also works with .done,.fail,etc:
$.postCORS("https://example.com/service.json",{ x : 1 }).done(function(obj){
if(obj.ok) {
...
}
}).fail(function(){
alert("Error!");
});
Server side (in this case where example.com is hosted), set these headers (added some sample code in PHP):
header('Access-Control-Allow-Origin: https://not-example.com');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 604800');
header("Content-type: application/json");
$array = array("ok" => $_POST["x"]);
echo json_encode($array);
This is the only way I know to truly POST cross-domain from JS.
JSONP converts the POST into GET which may display sensitive information at server logs.
Using this in combination with Laravel solved my problem. Just add this header to your jquery request Access-Control-Request-Headers: x-requested-with and make sure that your server side response has this header set Access-Control-Allow-Headers: *.
I had the exact same issue where jquery ajax only gave me cors issues on post requests where get requests worked fine - I tired everything above with no results. I had the correct headers in my server etc. Changing over to use XMLHTTPRequest instead of jquery fixed my issue immediately. No matter which version of jquery I used it didn't fix it. Fetch also works without issues if you don't need backward browser compatibility.
var xhr = new XMLHttpRequest()
xhr.open('POST', 'https://mywebsite.com', true)
xhr.withCredentials = true
xhr.onreadystatechange = function() {
if (xhr.readyState === 2) {// do something}
}
xhr.setRequestHeader('Content-Type', 'application/json')
xhr.send(json)
Hopefully this helps anyone else with the same issues.
This function will asynchronously get an HTTP status reply from a CORS-enabled page. Only a page with the proper headers returns a 200 status if accessed via XMLHttpRequest -- whether GET or POST is used. Nothing can be done on the client side to get around this except possibly using JSONP if you just need a json object.
The following can be modified to get the data held in the xmlHttpRequestObject object:
function checkCorsSource(source) {
var xmlHttpRequestObject;
if (window.XMLHttpRequest) {
xmlHttpRequestObject = new XMLHttpRequest();
if (xmlHttpRequestObject != null) {
var sUrl = "";
if (source == "google") {
var sUrl = "https://www.google.com";
} else {
var sUrl = "https://httpbin.org/get";
}
document.getElementById("txt1").innerHTML = "Request Sent...";
xmlHttpRequestObject.open("GET", sUrl, true);
xmlHttpRequestObject.onreadystatechange = function() {
if (xmlHttpRequestObject.readyState == 4 && xmlHttpRequestObject.status == 200) {
document.getElementById("txt1").innerHTML = "200 Response received!";
} else {
document.getElementById("txt1").innerHTML = "200 Response failed!";
}
}
xmlHttpRequestObject.send();
} else {
window.alert("Error creating XmlHttpRequest object. Client is not CORS enabled");
}
}
}
<html>
<head>
<title>Check if page is cors</title>
</head>
<body>
<p>A CORS-enabled source has one of the following HTTP headers:</p>
<ul>
<li>Access-Control-Allow-Headers: *</li>
<li>Access-Control-Allow-Headers: x-requested-with</li>
</ul>
<p>Click a button to see if the page allows CORS</p>
<form name="form1" action="" method="get">
<input type="button" name="btn1" value="Check Google Page" onClick="checkCorsSource('google')">
<input type="button" name="btn1" value="Check Cors Page" onClick="checkCorsSource('cors')">
</form>
<p id="txt1" />
</body>
</html>
If for some reasons while trying to add headers or set control policy you're still getting nowhere you may consider using apache ProxyPass…
For example in one <VirtualHost> that uses SSL add the two following directives:
SSLProxyEngine On
ProxyPass /oauth https://remote.tld/oauth
Make sure the following apache modules are loaded (load them using a2enmod):
proxy
proxy_connect
proxy_http
Obviously you'll have to change your AJAX requests url in order to use the apache proxy…
This is a little late to the party, but I have been struggling with this for a couple of days. It is possible and none of the answers I found here have worked. It's deceptively simple.
Here's the .ajax call:
<!DOCTYPE HTML>
<html>
<head>
<body>
<title>Javascript Test</title>
<script src="http://code.jquery.com/jquery-latest.min.js"></script>
<script type="text/javascript">
$(document).domain = 'XXX.com';
$(document).ready(function () {
$.ajax({
xhrFields: {cors: false},
type: "GET",
url: "http://XXXX.com/test.php?email='steve#XXX.com'",
success: function (data) {
alert(data);
},
error: function (x, y, z) {
alert(x.responseText + " :EEE: " + x.status);
}
});
});
</script>
</body>
</html>
Here's the php on the server side:
<html>
<head>
<title>PHP Test</title>
</head>
<body>
<?php
header('Origin: xxx.com');
header('Access-Control-Allow-Origin:*');
$servername = "sqlxxx";
$username = "xxxx";
$password = "sss";
$conn = new mysqli($servername, $username, $password);
if ($conn->connect_error) {
die( "Connection failed: " . $conn->connect_error);
}
$sql = "SELECT email, status, userdata FROM msi.usersLive";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo $row["email"] . ":" . $row["status"] . ":" . $row["userdata"] . "<br>";
}
} else {
echo "{ }";
}
$conn->close();
?>
</body>