This topic explains server-side processing when users submit a form in Insites.
Comprehending this subject requires a prior understanding of the following topics:
The first thing that happens on every POST request is CSRF token validation. The system does not proceed with the user's session if the token is not provided.
For AJAX calls, provide the following headers:
If you use the
The system then tries to identify the form used to process the user's request. To do so, the server checks for the
The next step is authorisation using Permissions. These are processed in the order they were defined, from top to bottom. If authorisation fails, the server stops processing the form and handles the authorisation policy failure (usually via a redirect or by rendering a '403' error).
Once all authorisation policies pass, the next item to be checked is an authorisation for the resource_owner property. It checks if the currently logged-in user can access the resource with the given
Resource Owner is only relevant for 'update' or 'delete' operations. It is irrelevant for the 'create' operation, as no resource is available during that time.
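The three gates described above (CSRF validation, ordered authorisation policies, resource-owner check) can be modelled as follows. This is an added illustration, not Insites code; the function name, the policy names, the outcome strings and the `owner_id` field are all assumptions.

```python
import hmac

# Constructed sample policies, evaluated top to bottom: (name, predicate on the user).
POLICIES = [
    ("is_logged_in", lambda user: user is not None),
    # Safe to index into `user` here only because the policy above runs first.
    ("is_editor", lambda user: "editor" in user["roles"]),
]

def authorize(request, session, policies, resource=None):
    """Run the gates in the documented order; return the first failure or 'ok'."""
    # Gate 1: CSRF token is validated before anything else on a POST.
    token = request.get("csrf_token") or ""
    if not hmac.compare_digest(token.encode(), session["csrf_token"].encode()):
        return "csrf_rejected"

    user = session.get("user")

    # Gate 2: authorisation policies in definition order; the first failure
    # stops processing, so later policies never run for that request.
    for name, check in policies:
        if not check(user):
            return f"policy_failed:{name}"

    # Gate 3: resource-owner check, only for update/delete. On create there
    # is no resource yet, so the check is skipped. A missing resource on
    # update/delete fails closed.
    if request["operation"] in ("update", "delete"):
        if resource is None or resource["owner_id"] != user["id"]:
            return "not_owner"

    return "ok"
```

Because evaluation stops at the first failing policy, ordering matters: a broad policy such as the login check belongs above policies that assume a user is present.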
The next step is to extend or overwrite the user's input with
The result of merging the user's input with
If validation passes, the changeset between the existing state of the resource and user input is calculated and made accessible via the
The resource's new state is persisted in the database. In the rare event of an internal server error, the changes are rolled back, and the server renders a '500' error.
The next step is to process the callback synchronously.
The system then schedules asynchronous callback processes in the background.
The next step is to schedule all notifications (email, SMS, API calls) to be processed in the background.
If the format is set to HTML, the
It is possible to send a request via AJAX but receive an HTML response from the server. The trick is explicitly setting the HTML format by appending
The server will render HTML if validation fails (so you can display errors) or return JSON that includes a redirect URL upon success.