Ajax url().load and reload() append original parameters to the new request

MichelR Posts: 4 Questions: 2 Answers: 0
edited April 2021 in Free community support

Hi,

This is a weird one that came up during a security scan. I initialize a datatable using ajax - this works perfectly fine. Users are able to select new search criteria to load a new set of data, so to achieve this I set a new URL using table.ajax.url(...), basically building a request URL, for example:

let searchUrl = `variable/search?searchText=${variableSearchText.value}&cycleId=${variableCycle.value}&varSourceTypeId=${variableSourceTypes.value}&focusId=${variableFocus.value}&groupId=${variableGroup.value}&statusId=${variableStatus.value}`;

Then I have:

variableSearchTable.ajax.url(searchUrl).load()

This works fine. However, the security scan has revealed that when we do this, the request URL also contains the original parameters. For example:

https://localhost:44318/variable/search?searchText=person&cycleId=9&varSourceTypeId=1&focusId=74&groupId=-1&statusId=-1*****&searchText=&cycleId=30&varSourceTypeId=1&focusId=-1&groupId=-1&statusId=-1&_=1617278247367

The first part is the result of setting ajax.url() with searchUrl above. The part that follows "*****" (added by me here) contains the parameters from the very first Ajax call when the DataTable is being built. The ASP.Net Core Web API at the other end doesn't seem to mind this at all and uses only the new parameters; I guess it just discards the extra stuff.

I've tried first setting ajax.url() to an empty string and then setting it to what I want, same result. I also tried first setting it and then using ajax.reload(), same result.

That seems more like an annoyance than an actual problem, but I'm wondering if I'm not using ajax.url() properly or if it's a bug?

Thanks,
Michel

Answers

  • allan Posts: 63,230 Questions: 1 Answers: 10,416 Site admin

    Hi Michel,

    Rather than setting the parameters for the query string as part of the URL, do so using the ajax.data option (as a function). In that way the function will be executed every time you do a reload, and the parameters automatically added on.

    That said, what you are seeing is a bit surprising if you are only using ajax as a string and only ever using query parameters as part of the url given.

    Allan
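
Added example, not part of the original thread and not DataTables' own code: a check for parameter names sent more than once in a request URL such as the one in the question, next to the `ajax.data`-as-function setup described in the answer above. The `controls` object, the `simulateGet` helper and the `#variableSearch` table id are assumptions made for illustration.

```javascript
// Request URL from the question, with the poster's "*****" marker removed.
const FLAGGED_URL =
  'https://localhost:44318/variable/search?searchText=person&cycleId=9' +
  '&varSourceTypeId=1&focusId=74&groupId=-1&statusId=-1' +
  '&searchText=&cycleId=30&varSourceTypeId=1&focusId=-1&groupId=-1&statusId=-1' +
  '&_=1617278247367';

// Return a Map of parameter name -> all values, for names sent more than once.
function duplicatedParams(requestUrl) {
  const seen = new Map();
  for (const [name, value] of new URL(requestUrl).searchParams) {
    if (!seen.has(name)) seen.set(name, []);
    seen.get(name).push(value);
  }
  return new Map([...seen].filter(([, values]) => values.length > 1));
}

// DataTables options with a fixed URL and ajax.data as a function.
// `controls` (hypothetical) maps each parameter name to its form element.
function tableOptions(controls) {
  return {
    ajax: {
      url: 'variable/search', // no query string here
      data: function (d) {
        // Called on every load/reload, so current values are read each time.
        for (const [name, el] of Object.entries(controls)) d[name] = el.value;
      }
    }
  };
}

// Simplified stand-in for the GET request, so this runs without a browser:
// call ajax.data and serialize the result onto the URL.
function simulateGet(options, origin) {
  const d = {};
  options.ajax.data(d);
  const url = new URL(options.ajax.url, origin);
  for (const [name, value] of Object.entries(d)) url.searchParams.append(name, value);
  return url.href;
}

// In the page (assumed table id):
//   const variableSearchTable = $('#variableSearch').DataTable(tableOptions(controls));
//   variableSearchTable.ajax.reload();   // after the user changes the criteria
```

Running `duplicatedParams` over captured request URLs in a test or proxy log gives a quick regression check that each search parameter is sent exactly once after the change.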

  • MichelR Posts: 4 Questions: 2 Answers: 0

    Hi Allan,

    Sorry for the late reply. Other things came calling and I forgot I had posted this. :) I ended up dropping ajax.data from the DataTable initialization and just calling my search function after the table is initialized. The way things are set up I don't think I can make it work the way you described, but I'll see if I can do some refactoring and get it to work as it would be a cleaner approach.

    Thanks,
    Michel

This discussion has been closed.