admin管理员组文章数量:1200974
I’ve got a issue here, i keep getting a error when i try to post something with ajax (POST). I know it is the CSRF that gives me these problems and I’ve been tried back and forth trying to find a solution. However, i hope somebody here can help me out!
This is the error i keep getting (from google chrome inspector),
*Failed to load resource: the server responded with a status of 500 (Internal Server Error) XHR finished loading: "http://localhost/woho/ajax/images".*
PHP (Controller)
class Ajax extends CI_Controller {
function images() {
echo 'Hello World';
}
}
Javascript
var ID = $(".imageWrap:last").attr("id");
var baseurl = "http://localhost/woho/";
var doScroll = 1;
var cct = $.cookie('csrf_cookie_name');
if (location.href == baseurl) {
$(window).scroll(function(){
if ($(window).scrollTop() > $('body').height() / 2) {
if(doScroll == 1) {
$.post(baseurl + 'ajax/images',{'id' : ID, 'csrf_token_name': cct}, function(data) {
alert(data);
$("#wrapper_content").append(data);
ID++;
});
}
}
});
}
my CCT var from javascript gives me the correct token or "hash" but when the javascript sends the ajax request codeigniter returns an error like,
An Error Was Encountered The action you have requested is not allowed.
How can i fix this? do i need to validate the CSRF Token or something in my controller?
I'm using Codeigniter 2.0.3
I’ve got a issue here, i keep getting a error when i try to post something with ajax (POST). I know it is the CSRF that gives me these problems and I’ve been tried back and forth trying to find a solution. However, i hope somebody here can help me out!
This is the error i keep getting (from google chrome inspector),
*Failed to load resource: the server responded with a status of 500 (Internal Server Error) XHR finished loading: "http://localhost/woho/ajax/images".*
PHP (Controller)
class Ajax extends CI_Controller {
function images() {
echo 'Hello World';
}
}
Javascript
var ID = $(".imageWrap:last").attr("id");
var baseurl = "http://localhost/woho/";
var doScroll = 1;
var cct = $.cookie('csrf_cookie_name');
if (location.href == baseurl) {
$(window).scroll(function(){
if ($(window).scrollTop() > $('body').height() / 2) {
if(doScroll == 1) {
$.post(baseurl + 'ajax/images',{'id' : ID, 'csrf_token_name': cct}, function(data) {
alert(data);
$("#wrapper_content").append(data);
ID++;
});
}
}
});
}
my CCT var from javascript gives me the correct token or "hash" but when the javascript sends the ajax request codeigniter returns an error like,
An Error Was Encountered The action you have requested is not allowed.
How can i fix this? do i need to validate the CSRF Token or something in my controller?
I'm using Codeigniter 2.0.3
Share Improve this question asked Sep 8, 2011 at 17:06 DextyDexty 1,4726 gold badges17 silver badges27 bronze badges 1 |6 Answers
Reset to default 11Try (javascript):
var ID = $(".imageWrap:last").attr("id");
var baseurl = "http://localhost/woho/";
var doScroll = 1;
var cct = $.cookie("<?php echo $this->config->item("csrf_cookie_name"); ?>");
if (location.href == baseurl) {
$(window).scroll(function(){
if ($(window).scrollTop() > $('body').height() / 2) {
if(doScroll == 1) {
$.post(baseurl + 'ajax/images',{'id':ID,'<?php echo $this->security->get_csrf_token_name(); ?>': cct}, function(data) {
alert(data);
$("#wrapper_content").append(data);
ID++;
});
}
}
});
}
check value of your $config['csrf_token_name'] in /application/config/config.php as default is setted as csrf_test_name not csrf_token_name.
This decision if you not want to use PHP code in Javascript.
$.ajax({
url: 'some_url',
type: 'POST',
data: {csrf_test_name: $.cookie('csrf_cookie_name')}
});
This code works fine.
If you use the form_open("/some",'id="some_form"') and form_close() , CI create a hidden input that keep the csrf_token_name and it value.
so , in your AJAX request , you can get the form by serialize it and send form !
For example:
<script>
var _form = $("#some_form").serializeArray();
$.ajax({
data: _form,
type: 'post',
url: '<?php echo base_url();?>some',
async: true,
success: function(output){
alert(output);
},
complete: function(output){},
fail: function(err){}
});
</script>
The CSRF always was my problem and by this method, it solved!!
it may be late but i found this perfect solution sort of hack but should work
if (isset($_SERVER["REQUEST_URI"]))
{
if(stripos($_SERVER["REQUEST_URI"],'/mypage') === FALSE)
{
$config['csrf_protection'] = TRUE;
}
else
{
$config['csrf_protection'] = FALSE;
}
}
else
{
$config['csrf_protection'] = TRUE;
}
// in config.php file ci 2.*
found solution from this post
I was facing same problem but now I have fixed this problem.
First of all, I have created csrf_token in header.php for every pages like below code
$csrf = array(
'name' => $this->security->get_csrf_token_name(),
'hash' => $this->security->get_csrf_hash()
);
<script type="text/javascript">
var cct = "<?php echo $csrf ['hash']; ?>";
</script>
After that, when we are sending particular value through ajax then we will have to sent csrf token like below code
$.ajax({
url:"<?php echo APPPATHS.'staff_leave/leaveapproval/getAppliedLeaveDetails'; ?>",
data:{id:id,status:status,'<?php echo $this->security->get_csrf_token_name(); ?>': cct},
method:"post",
dataType:"json",
success:function(response)
{
alert('success');
}
});
I hope this code will help you because this is working for me.
Just follow this code:
$.ajax({
type : 'post',
url : 'Your URL',
data : {
id: id,
'<?php echo $this->security->get_csrf_token_name(); ?>' : '<?php echo $this->security->get_csrf_hash(); ?>'
},
datatype: 'json',
success : function(data){}
});
本文标签: phpCodeigniter (CSRF) jQuery ajax problemStack Overflow
版权声明:本文标题:php - Codeigniter (CSRF) jQuery ajax problem - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1738551392a2097444.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
$this->security->get_csrf_token_name();Not sure where @Alfonso Rubalcava got that. – Jakub Commented Oct 14, 2011 at 4:29