Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ajax post with CSRF-TOKEN? #154

Open
githubwyllie opened this issue Mar 20, 2024 · 1 comment
Open

Ajax post with CSRF-TOKEN? #154

githubwyllie opened this issue Mar 20, 2024 · 1 comment
Labels
enhancement

Comments

@githubwyllie
Copy link

githubwyllie commented Mar 20, 2024
edited
Loading

How can I append the ajax property an headers for an X-CSRF-TOKEN?


const csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
                        
const el = document.getElementById('h5p-container');
const options = {
                            h5pJsonPath: 'h5p-content/true-false-question-34806/',
                            frameJs: 'h5p/frame.bundle.js',
                            frameCss: 'h5p/styles/h5p.css',
                            postUserStatistics: true,
                            ajax: {
                                setFinishedUrl: "{{ route('h5p.finish') }}",

                                // THIS DOES NOT WORK 
                                headers: {
                                    'X-CSRF-TOKEN': csrfToken, // Use the fetched CSRF token here
                                    '_method': 'patch',
                                },

                            },
                        };                        
new H5PStandalone.H5P(el, options);

For testing this workarround worked for me in Laravel:

<script>
                        $.ajax({
                            url: "{{ route('h5p.finish') }}",
                            type: 'POST', 
                            data: {
                                contentId: 'lykvh3vvf',
                                score: 1,
                                maxScore: 1,
                                opened: 1710971851,
                                finished: 1710971854
                            },

                            // THIS WORK 
                                headers: {
                                    'X-CSRF-TOKEN': csrfToken, // Use the fetched CSRF token here
                                    '_method': 'patch',
                                },

                        });
 </script>
@0xMurage
Copy link
Collaborator

0xMurage commented Dec 4, 2024

Hello, did you find a solution for this?

The handling of post-finished results for users is not managed by this library, but rather by the H5P core library, specifically this line: H5P.js Line 2252.

There are plans to reduce the tight coupling of this library with the H5P core library, which we hope will allow anyone to override it independently.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@0xMurage @githubwyllie