I am trying to use the token interceptor that ships with Struts in order to implement a CSRF check. However instead of using a
I am making an AJAX call from within some JS:foo.jsp:
var strutsToken = "";
bar.js:
$.ajax({
url: '/endpoint',
data: strutsToken,
dataType: 'jsonp',
cache: true,
success: function() { console.log('success'); },
error: function() { console.log('failure'); }
});
I've confirmed the token value is making it into the JS variable:
> strutsToken
"N3ZLLLR2Y3QGMZP0L3UCYWI5CO5NYZEY"
Unfortunately when that AJAX request is made an invalid-token error is thrown on the server.
Is what I am attempting to do possible and if so, how?