I'm successfully communicating with the PowerPages API from a Vue SPA hosted on a StaticWebApp (after having set the expected CORS config).
Now as you can guess I need to do PATCH & POST requests so I need the kind of CSRF token that is managed in the officially suggested safeAjax snippet.
I'm using Axios for my requests and haven't used jQuery for years.
How can I satisfy this CSRF protection without jQuery and the global `shell` object?
Here is my attempt at porting safeAjax to vanilla JS, but it still requires the global `shell` object and `validateLoginSession()`:
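/**
 * Sends a request with the portal's anti-forgery (CSRF) token attached, then
 * hands the response to the global validateLoginSession() before resolving.
 *
 * Depends on two globals this snippet does not define: `shell` (for
 * getTokenDeferred()) and `validateLoginSession`.
 *
 * Security: the token is added to whatever request `config` describes, so use
 * this only for requests to the portal's own API. A token attached to a
 * request for any other origin is disclosed to that origin.
 *
 * @param {object} config - Request config handed to fetch(). Its `headers`
 *   object is created when missing and receives `__RequestVerificationToken`.
 * @returns {Promise<object>} Resolves with the response once
 *   validateLoginSession() invokes its callback; rejects when the token lookup
 *   or the request fails.
 */
safeAjax(config) {
  return new Promise((resolve, reject) => {
    shell
      .getTokenDeferred()
      .then((token) => {
        if (!config.headers) {
          config.headers = {};
        }
        config.headers.__RequestVerificationToken = token;

        // NOTE(review): the handler below reads response.data and
        // response.config.url, which is the Axios response shape rather than
        // the Fetch API's. Confirm which `fetch` is in scope here.
        fetch(config)
          .then((response) => {
            // A real XMLHttpRequest exposes status, statusText, responseURL,
            // response and readyState as read-only accessors, so assigning to
            // them is ignored (or throws in strict/module code). A plain
            // object carries the values instead.
            const xhrLike = {
              status: response.status,
              statusText: response.statusText,
              responseURL: response.config.url,
              response: response.data,
              readyState: 4,
              // NOTE(review): validateLoginSession() is not visible here; this
              // accessor is provided in case it inspects response headers on
              // its third argument. Confirm against the portal's code.
              getResponseHeader: (name) => {
                const headers = response.headers || {};
                const value = headers[String(name).toLowerCase()];
                return value === undefined ? null : value;
              },
            };

            // Resolve only through the session check. Resolving first (the
            // earlier `.then(resolve)`) passed `undefined` to this handler, so
            // the check never ran and an expired session went unnoticed.
            validateLoginSession(response.data, response.status, xhrLike, () => {
              resolve(response);
            });
          })
          .catch(reject);
      })
      .catch(reject);
  });
}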