laravel-datatables-buttons icon indicating copy to clipboard operation
laravel-datatables-buttons copied to clipboard
verified publisher icon yajra

POST Export Buttons Incompatible with Custom AJAX Configuration

Open arce701 opened this issue 4 months ago • 0 comments

Summary The postExcel and postCsv buttons fail when using custom AJAX configuration with POST method, creating compatibility issues for server-side processing with custom headers/timeouts. Environment

Laravel: 12.x yajra/laravel-datatables: 12.4 yajra/laravel-datatables-buttons: latest

Problem Description When configuring DataTables with custom AJAX settings (required for CSRF tokens, custom headers, or timeout settings), the POST export buttons don't work correctly. Code Example DataTable Configuration:

public function html(): HtmlBuilder
{
    return $this->builder()
        ->setTableId('customers-table')
        ->columns($this->getColumns())
        ->ajax([
            'type' => 'POST',
            'timeout' => 15000,
            'headers' => [
                'X-CSRF-TOKEN' => csrf_token()
            ]
        ])
        ->buttons(['postExcel', 'postCsv']);
}

Controller:

public function index(Request $request, CustomersDataTable $dataTable)
{
    if ($request->ajax()) {
        return $dataTable->ajax();
    }
    return $dataTable->render('customers.index');
}

Current Behavior

Export buttons create blob URLs that don't download Buttons redirect to home page instead of exporting Filtered data is not exported correctly

Expected Behavior

POST export should work seamlessly with custom AJAX configuration Export should include filtered/searched data Should maintain URL length optimization for WAF compatibility

Use Cases Requiring This Fix

WAF Protection: Long GET URLs are blocked by Web Application Firewalls CSRF Security: POST requests with CSRF tokens are security requirements Custom Headers: Authentication headers, request timeouts, etc. Production Environments: Many production setups require POST for data operations

Proposed Solution The buttons.server-side.js should detect custom AJAX configuration and adapt export behavior accordingly:

When custom AJAX URL is present, use base URL + /export route When custom headers exist, include them in export requests Maintain POST method consistency for export operations

Impact This affects any Laravel application using:

Custom AJAX configuration for security WAF-protected environments Production applications requiring CSRF protection Applications with custom authentication headers

Workaround Currently requires manual JavaScript override of export buttons, which defeats the purpose of the plugin's convenience. Would appreciate a built-in solution that handles these common production requirements.

arce701 avatar Aug 15 '25 05:08 arce701