Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP


Added X-CSRF-Token #1151

wants to merge 1 commit into from

2 participants


I'm adding FineUploader to my project and have been scratching my head trying to find out how to send the CSRF token with the upload so I don't get "Can't verify CSRF token authenticity" errors.

After playing around with the code I found that adding it in the handler.xhr.js file works a treat!


Is there any reason you can't use the request.customHeaders option?


Ah, didn't realise there was a custom headers option, will try it.


I'll close this then. Also, all pull requests need to be against the develop branch.

@rnicholus rnicholus closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Mar 2, 2014
  1. @deanperry

    Added X-CSRF-Token

    deanperry authored
This page is out of date. Refresh to see the latest.
Showing with 1 addition and 0 deletions.
  1. +1 −0  client/js/traditional/handler.xhr.js
1  client/js/traditional/handler.xhr.js
@@ -117,6 +117,7 @@ qq.UploadHandlerXhr = function(spec, proxy) {
xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
xhr.setRequestHeader("Cache-Control", "no-cache");
+ xhr.setRequestHeader("X-CSRF-Token", $("meta[name='csrf-token']").attr("content"));
if (!multipart) {
xhr.setRequestHeader("Content-Type", "application/octet-stream");
Something went wrong with that request. Please try again.