Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. Qt for WebAssembly
  4. How can WebAssebly send a HTTP POST request with Referer header?
Forum Updated to NodeBB v4.3 + New Features

How can WebAssebly send a HTTP POST request with Referer header?

Scheduled Pinned Locked Moved Unsolved Qt for WebAssembly
1 Posts 1 Posters 269 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • B Offline
    B Offline
    Balazs Beregnyei
    wrote on last edited by
    #1

    My Qt app is working with a Django Rest API backend with CSRF enabled. Besides having CSRF cookies in the CookieJar, I have to add 2 raw headers while sending POST requests: X-CSRFToken and Referer. Both Mac and Windows target apps work just fine. But the WebAssembly target can only send GET, but cannot send POST, because Qt filters out the Referer header with this message in the browser console: Qt has trimmed the following forbidden headers from the request: Referer. I know it is not a Qt limitation, but the Javascript sandbox limitation. When I hack the wasm binary to force Qt not to filter Referer out, I got some similar error from the browser itself. I don't really understand the security reasons behind, but it would be quite weird if WebAssembly wouldn't be able to communicate with a CSRF enabled backend. How can I make it work? Now I have a quite unuseful WebAssembly target which can only read the database but unable to write it... As far as I know, it is not possible to have CSRF enabled in Django with disabled Referer. Any suggestions are welcome. Thanks!

    1 Reply Last reply
    0

    • Login

    • Login or register to search.
    • First post
      Last post
    0
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Get Qt Extensions
    • Unsolved