Is it possible to restrict what parameters are posted on the ajax url

wjhumphreys Posts: 52 Questions: 9 Answers: 5

If I am using Server Side paging but the only parameters I need to pass are draw, start and length.

I have no need for all the search and various things to be passed.

The reason is in ASP.NET MVC a security protection kicks in because the URL becomes too long after a certain number of columns are created. It is possible to fix this in the config files, but being as I don't need all this extra data I'd rather disable it if possible.

Just to give an example this is how much is being posted that isn't required on a 10 column table.

[SOME_URL]?draw=1&columns%5B0%5D%5Bdata%5D=0&columns%5B0%5D%5Bname%5D=&columns%5B0%5D%5Bsearchable%5D=true&columns%5B0%5D%5Borderable%5D=false&columns%5B0%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B0%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B1%5D%5Bdata%5D=1&columns%5B1%5D%5Bname%5D=&columns%5B1%5D%5Bsearchable%5D=true&columns%5B1%5D%5Borderable%5D=false&columns%5B1%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B1%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B2%5D%5Bdata%5D=2&columns%5B2%5D%5Bname%5D=&columns%5B2%5D%5Bsearchable%5D=true&columns%5B2%5D%5Borderable%5D=false&columns%5B2%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B2%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B3%5D%5Bdata%5D=3&columns%5B3%5D%5Bname%5D=&columns%5B3%5D%5Bsearchable%5D=true&columns%5B3%5D%5Borderable%5D=false&columns%5B3%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B3%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B4%5D%5Bdata%5D=4&columns%5B4%5D%5Bname%5D=&columns%5B4%5D%5Bsearchable%5D=true&columns%5B4%5D%5Borderable%5D=false&columns%5B4%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B4%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B5%5D%5Bdata%5D=5&columns%5B5%5D%5Bname%5D=&columns%5B5%5D%5Bsearchable%5D=true&columns%5B5%5D%5Borderable%5D=false&columns%5B5%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B5%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B6%5D%5Bdata%5D=6&columns%5B6%5D%5Bname%5D=&columns%5B6%5D%5Bsearchable%5D=true&columns%5B6%5D%5Borderable%5D=false&columns%5B6%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B6%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B7%5D%5Bdata%5D=7&columns%5B7%5D%5Bname%5D=&columns%5B7%5D%5Bsearchable%5D=true&columns%5B7%5D%5Borderable%5D=false&columns%5B7%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B7%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B8%5D%5Bdata%5D=8&columns%5B8%5D%5Bname%5D=&columns%5B8%5D%5Bsearchable%5D=true&columns%5B8%5D%5Borderable%5D=false&columns%5B8%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B8%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B9%5D%5Bdata%5D=9&columns%5B9%5D%5Bname%5D=&columns%5B9%5D%5Bsearchable%5D=true&columns%5B9%5D%5Borderable%5D=false&columns%5B9%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B9%5D%5Bsearch%5D%5Bregex%5D=false&start=0&length=99&search%5Bvalue%5D=&search%5Bregex%5D=false&_=1404523861774

Which should be really more like (for me)

[SOME_URL]?draw=1&start=0&length=100


Answers

  • anag Posts: 48 Questions: 2 Answers: 7

    Just taking a guess but could you capture that lengthy URL above in beforeSend and return your shorter URL to post with AJAX?

  • wjhumphreys Posts: 52 Questions: 9 Answers: 5

    I possibly could but I would rather turn it off if possible.

  • wjhumphreys Posts: 52 Questions: 9 Answers: 5
    Answer ✓

    I'll answer this myself.

    The simple answer is no. I do think this is something that should be built in.

    I'm using DataTables 1.10.1-dev here.

    I never recommend altering the code base as it makes updates easier to break.

    But if you don't mind that, this is what I did.

    From line 2478

    This should be directly after


        // DataTables 1.9- compatible method
        param( 'sEcho', settings.iDraw );
        param( 'iColumns', columnCount );
        param( 'sColumns', _pluck( columns, 'sName' ).join(',') );
        param( 'iDisplayStart', displayStart );
        param( 'iDisplayLength', displayLength );

    Add the following until line 2536 that starts with


        // If the legacy.ajax parameter is null, then we automatically decide which
        // form to use, based on sAjaxSource
        var legacy = DataTable.ext.legacy.ajax;
        if ( legacy === null ) {
            return settings.sAjaxSource ? data : d;
        }

        // ALTERATION HERE REMARK START 1
        /*
        // DataTables 1.10+ method
        var d = {
            draw: settings.iDraw,
            columns: [],
            order: [],
            start: displayStart,
            length: displayLength,
            search: {
                value: preSearch.sSearch,
                regex: preSearch.bRegex
            }
        };
        */
        // ALTERATION HERE REMARK END 1

        // ALTERATION HERE ADDITION START 2
        // DataTables 1.10+ method
        var d = {
            draw: settings.iDraw,
            order: [],
            start: displayStart,
            length: displayLength
        };
        // ALTERATION HERE ADDITION END 2

        // ALTERATION HERE REMARK START 3
        /*
        for ( i=0 ; i<columnCount ; i++ ) {
            column = columns[i];
            columnSearch = preColSearch[i];
            dataProp = typeof column.mData=="function" ? 'function' : column.mData ;

            d.columns.push( {
                data: dataProp,
                name: column.sName,
                searchable: column.bSearchable,
                orderable: column.bSortable,
                search: {
                    value: columnSearch.sSearch,
                    regex: columnSearch.bRegex
                }
            } );

            param( "mDataProp_"+i, dataProp );

            if ( features.bFilter ) {
                param( 'sSearch_'+i, columnSearch.sSearch );
                param( 'bRegex_'+i, columnSearch.bRegex );
                param( 'bSearchable_'+i, column.bSearchable );
            }

            if ( features.bSort ) {
                param( 'bSortable_'+i, column.bSortable );
            }
        }

        if ( features.bFilter ) {
            param( 'sSearch', preSearch.sSearch );
            param( 'bRegex', preSearch.bRegex );
        }

        if ( features.bSort ) {
            $.each( sort, function ( i, val ) {
                d.order.push( { column: val.col, dir: val.dir } );

                param( 'iSortCol_'+i, val.col );
                param( 'sSortDir_'+i, val.dir );
            } );

            param( 'iSortingCols', sort.length );
        }
        */
        // ALTERATION HERE REMARK END 3

  • allan Posts: 63,498 Questions: 1 Answers: 10,471 Site admin

    The approach I would generally recommend here is to use POST rather than GET. I made a mistake having it as get by default back in v1.5 when this feature was first available, and I can't change the default without breaking a whole lot of things now. But use ajax to send the data as POST and the issue is mostly resolved.

    Failing that, if you want to modify the data object that is being sent to the server, use preXhr to do so, or ajax.data. Then you can delete what you don't want to have it send.

    Regards,
    Allan
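
The two options named in the answer above (POST, and trimming the request with `ajax.data`), sketched without touching the DataTables source. This is an added example, not code from the thread or from DataTables; `KEEP`, `trimRequest`, `sampleRequest`, `toQuery` and the `/example/data` URL are assumptions, and the sample request object is constructed to match the 10-column query string in the question.

```javascript
// Added example, not DataTables source. All helper names and the URL are assumptions.
const KEEP = ['draw', 'start', 'length'];

// Usable as the `ajax.data` callback: deletes every key except the paging ones.
function trimRequest(d) {
  for (const key of Object.keys(d)) {
    if (!KEEP.includes(key)) delete d[key];
  }
  return d;
}

// Constructed stand-in for the request object built for an n-column table.
function sampleRequest(n) {
  const columns = [];
  for (let i = 0; i < n; i++) {
    columns.push({ data: i, name: '', searchable: true, orderable: false,
                   search: { value: '', regex: false } });
  }
  return { draw: 1, columns, order: [], start: 0, length: 99,
           search: { value: '', regex: false } };
}

// Minimal bracket-style serialiser, producing the same shape as the URL in the question.
function toQuery(obj, prefix) {
  const parts = [];
  for (const [k, v] of Object.entries(obj)) {
    const name = prefix ? `${prefix}[${k}]` : k;
    if (v !== null && typeof v === 'object') {
      const nested = toQuery(v, name);
      if (nested) parts.push(nested);   // empty arrays contribute nothing
    } else {
      parts.push(`${encodeURIComponent(name)}=${encodeURIComponent(v)}`);
    }
  }
  return parts.join('&');
}

// Options for $('#example').DataTable(...) in the browser:
// POST keeps the parameters out of the URL, `data` trims what is sent.
const tableOptions = {
  serverSide: true,
  ajax: { url: '/example/data', type: 'POST', data: trimRequest }
};
```

The server still has to validate `draw`, `start` and `length` itself, since a client can send any parameters regardless of this callback.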

This discussion has been closed.