Home > front end >  asp.net core Ajax requests gives 400 bad request but POSTMAN works
asp.net core Ajax requests gives 400 bad request but POSTMAN works

Time:02-24

I am facing trouble with ajax request in asp.net core blazor application. I have tried almost everything i can find on stackoverflow related to ajax post call results in 400 bad request I have following controller

[Route("api/{controller}/{action}/{id?}")]
    public class BoldReportsAPIController : ControllerBase, IReportController
    {
        // Report viewer requires a memory cache to store the information of consecutive client request and
        // have the rendered report viewer information in server.
        private IMemoryCache _cache;

        // IHostingEnvironment used with sample to get the application data from wwwroot.
        private IWebHostEnvironment _hostingEnvironment;

        public BoldReportsAPIController(IMemoryCache memoryCache, IWebHostEnvironment hostingEnvironment)
        {
            _cache = memoryCache;
            _hostingEnvironment = hostingEnvironment;
        }
// Post action to process the report from server based json parameters and send the result back to the client.
        [HttpPost]
        public object PostReportAction([FromBody] Dictionary<string, object> jsonArray)
        {
            return ReportHelper.ProcessReport(jsonArray, this, this._cache);
        }

       
    }

When i make request with postman it works fine as shown below. Postman call

But when i make ajax call it gives 400 bad request error.

I have literally replaced original ajax call with the code generated from postman but that code doesn't work also.

 var settings = {
                    "async": true,
                    "crossDomain": true,
                    "url": "https://localhost:44313/api/BoldReportsAPI/PostReportAction",
                    "method": "POST",
                    "headers": {
                        "content-type": "application/json",
                        "cache-control": "no-cache",
                        "postman-token": "fbed680d-0143-ab86-24e6-176c16d713bf"
                    },
                    "processData": false,
                    "data": "{\"reportAction\":\"ReportLoad\",\"isReloadReport\":false,\"controlId\":\"report-viewer\",\"reportPath\":\"sales-order-detail\",\"enableVirtualEvaluation\":false,\"reportServerUrl\":\"\",\"processingMode\":\"remote\",\"locale\":\"en-US\",\"accessInternalValue\":false,\"customBrandSettings\":{\"hideHelpLink\":false,\"customDomain\":\"https://help.boldreports.com\",\"customBrandName\":\"Bold Reports\",\"customLinks\":[{\"name\":\"ESLicenseMessage\",\"url\":\"/licensing/license-token/\"}]}}\r\n"
                }

                $.ajax(settings).done(function (response) {
                    console.log(response);
                });

CodePudding user response:

It was due to ant forgery token. Apparently, ABP automatically adds antiforgery token so after adding

[IgnoreAntiforgeryToken(Order = 2000)]

to my action method, issue was resolved.

But it feels like I am breaking security.

CodePudding user response:

While using ValidateAntiForgeryToken, you have to add the headers for the Report Viewer API interaction. You can refer to the below article to add the headers for your Report Viewer interaction. These need to be added with the ReportViewer introp.

https://help.boldreports.com/embedded-reporting/javascript-reporting/report-viewer/handle-post-actions/#add-custom-header-in-ajax-request

If you have any queries on this, you can get more details through the below Bold Reports support system.

https://support.boldreports.com/support

  • Related