10

I’ve got a issue here, i keep getting a error when i try to post something with ajax (POST). I know it is the CSRF that gives me these problems and I’ve been tried back and forth trying to find a solution. However, i hope somebody here can help me out!

This is the error i keep getting (from google chrome inspector),

*Failed to load resource: the server responded with a status of 500 (Internal Server Error) XHR finished loading: "http://localhost/woho/ajax/images".*

PHP (Controller)

class Ajax extends CI_Controller {

    function images() {

        echo 'Hello World';

    }

}

Javascript

var ID = $(".imageWrap:last").attr("id");
var baseurl = "http://localhost/woho/";
var doScroll = 1;
var cct = $.cookie('csrf_cookie_name');

if (location.href == baseurl) {
    $(window).scroll(function(){
        if ($(window).scrollTop() > $('body').height() / 2) {
            if(doScroll == 1) {                   
                $.post(baseurl + 'ajax/images',{'id' : ID, 'csrf_token_name': cct}, function(data) {
                    alert(data);
                    $("#wrapper_content").append(data);
                    ID++;
                });
            }
        }
    });
}

my CCT var from javascript gives me the correct token or "hash" but when the javascript sends the ajax request codeigniter returns an error like,

An Error Was Encountered The action you have requested is not allowed.

How can i fix this? do i need to validate the CSRF Token or something in my controller?

I'm using Codeigniter 2.0.3

Improve this question
1
  • by the way, in 2.0.3 there is no such thing as $this->security->get_csrf_token_name(); Not sure where @Alfonso Rubalcava got that. Commented Oct 14, 2011 at 4:29

6 Answers 6

Reset to default
11

Try (javascript):

var ID = $(".imageWrap:last").attr("id");
var baseurl = "http://localhost/woho/";
var doScroll = 1;
var cct = $.cookie("<?php echo $this->config->item("csrf_cookie_name"); ?>");

if (location.href == baseurl) {
    $(window).scroll(function(){
        if ($(window).scrollTop() > $('body').height() / 2) {
            if(doScroll == 1) {                   
                $.post(baseurl + 'ajax/images',{'id':ID,'<?php echo $this->security->get_csrf_token_name(); ?>': cct}, function(data) {
                    alert(data);
                    $("#wrapper_content").append(data);
                    ID++;
                });
            }
        }
    });
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

OMFG, Ofc i need to use the actual name, and not the var. Haha, man, thanks! Tunnel vision next?
3

check value of your $config['csrf_token_name'] in /application/config/config.php as default is setted as csrf_test_name not csrf_token_name.

This decision if you not want to use PHP code in Javascript. 

$.ajax({
    url: 'some_url',
    type: 'POST',
    data: {csrf_test_name: $.cookie('csrf_cookie_name')}
});

This code works fine.

Improve this answer

Comments

1

If you use the form_open("/some",'id="some_form"') and form_close() , CI create a hidden input that keep the csrf_token_name and it value.

so , in your AJAX request , you can get the form by serialize it and send form !

For example:

<script>
var _form = $("#some_form").serializeArray();
$.ajax({
    data: _form,
    type: 'post',
    url: '<?php echo base_url();?>some',
    async: true,
    success: function(output){
        alert(output);
    },
    complete: function(output){},
    fail: function(err){}
});
</script>

The CSRF always was my problem and by this method, it solved!!

Improve this answer

Comments

0

it may be late but i found this perfect solution sort of hack but should work 

if (isset($_SERVER["REQUEST_URI"])) 
{
    if(stripos($_SERVER["REQUEST_URI"],'/mypage') === FALSE)
    {
        $config['csrf_protection'] = TRUE;
    }
    else
    {
        $config['csrf_protection'] = FALSE;
    } 
} 
else 
{
    $config['csrf_protection'] = TRUE;
}

// in config.php file ci 2.*

found solution from this post

Improve this answer

Comments

0

I was facing same problem but now I have fixed this problem.

First of all, I have created csrf_token in header.php for every pages like below code

$csrf = array(
                'name' => $this->security->get_csrf_token_name(),
                'hash' => $this->security->get_csrf_hash()
        );

<script type="text/javascript">
    var cct = "<?php echo $csrf ['hash']; ?>";
  </script>

After that, when we are sending particular value through ajax then we will have to sent csrf token like below code

$.ajax({
    url:"<?php echo APPPATHS.'staff_leave/leaveapproval/getAppliedLeaveDetails'; ?>",
    data:{id:id,status:status,'<?php echo $this->security->get_csrf_token_name(); ?>': cct},
    method:"post",
    dataType:"json",
    success:function(response)
    {
        alert('success');
    }
});

I hope this code will help you because this is working for me.

Improve this answer

Comments

-1

Just follow this code:

$.ajax({
    type : 'post',
    url  : 'Your URL',
    data : {
        id: id,
        '<?php echo $this->security->get_csrf_token_name(); ?>' : '<?php echo $this->security->get_csrf_hash(); ?>'
    },
    datatype: 'json',
    success : function(data){}
});
Improve this answer

1 Comment

I think this is the same answer as the other ones, including the accepted.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.