-
-
Notifications
You must be signed in to change notification settings - Fork 54
Description
Summary
The postExcel and postCsv buttons fail when using custom AJAX configuration with POST method, creating compatibility issues for server-side processing with custom headers/timeouts.
Environment
Laravel: 12.x
yajra/laravel-datatables: 12.4
yajra/laravel-datatables-buttons: latest
Problem Description
When configuring DataTables with custom AJAX settings (required for CSRF tokens, custom headers, or timeout settings), the POST export buttons don't work correctly.
Code Example
DataTable Configuration:
public function html(): HtmlBuilder
{
return $this->builder()
->setTableId('customers-table')
->columns($this->getColumns())
->ajax([
'type' => 'POST',
'timeout' => 15000,
'headers' => [
'X-CSRF-TOKEN' => csrf_token()
]
])
->buttons(['postExcel', 'postCsv']);
}
Controller:
public function index(Request $request, CustomersDataTable $dataTable)
{
if ($request->ajax()) {
return $dataTable->ajax();
}
return $dataTable->render('customers.index');
}
Current Behavior
Export buttons create blob URLs that don't download
Buttons redirect to home page instead of exporting
Filtered data is not exported correctly
Expected Behavior
POST export should work seamlessly with custom AJAX configuration
Export should include filtered/searched data
Should maintain URL length optimization for WAF compatibility
Use Cases Requiring This Fix
WAF Protection: Long GET URLs are blocked by Web Application Firewalls
CSRF Security: POST requests with CSRF tokens are security requirements
Custom Headers: Authentication headers, request timeouts, etc.
Production Environments: Many production setups require POST for data operations
Proposed Solution
The buttons.server-side.js should detect custom AJAX configuration and adapt export behavior accordingly:
When custom AJAX URL is present, use base URL + /export route
When custom headers exist, include them in export requests
Maintain POST method consistency for export operations
Impact
This affects any Laravel application using:
Custom AJAX configuration for security
WAF-protected environments
Production applications requiring CSRF protection
Applications with custom authentication headers
Workaround
Currently requires manual JavaScript override of export buttons, which defeats the purpose of the plugin's convenience.
Would appreciate a built-in solution that handles these common production requirements.