search

ckeditor / ckeditor5

Powerful rich text editor framework with a modular architecture, modern integrations, and features like collaborative editing.
https://ckeditor.com/ckeditor-5
Other
9.35k stars 3.68k forks source link

use ClassicEditor to upload image , I don't know how to set csrf headers #1959

Closed juandx closed 5 years ago

juandx commented 5 years ago

Is this a bug report or feature request? (choose one)

Other

💻 Version of CKEditor

CKEditor5 version

📋 Steps to reproduce

1.use ClassicEditor to upload image , I don't know how to set csrf headers 2.this is my code in html, I use flask as backend

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>CKEditor 5 - Classic editor</title>
    <script src="Public/home/js/ckeditor.js"></script>
</head>
<body>
    <h1>Classic editor</h1>
    <form action="/submit" method="post">
        <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
        <textarea name="content" id="editor">
            &lt;p&gt;This is some sample content.&lt;/p&gt;
        </textarea>
        <p><input type="submit" value="Submit"></p>
    </form>
    <script>
        ClassicEditor
            .create( document.querySelector( '#editor' ), {

                ckfinder: {
                    uploadUrl: "/upload",
                    headers: {XcsrfToken: '{{ csrf_token() }}'}
                }
            })
            .catch( error => {
                console.error( error );
            } );
    </script>
</body>
Mgsy commented 5 years ago

Hello, CKFinder has own CSRF protection. Actually, this topic was raised some time ago, please take a look at following ticket - https://github.com/ckeditor/ckeditor5/issues/887#issuecomment-372329766 to get more details.