Codeigniter CSRF valid for only one time ajax request
In my opinion you should try to recreate your csrf token each request
Try this code example...
For the JS function:
var csrfName = '<?php echo $this->security->get_csrf_token_name(); ?>',
    csrfHash = '<?php echo $this->security->get_csrf_hash(); ?>';
$("#avatar").change(function () {
    var link = $("#avatar").val();
    // Send the current token together with the form data
    var dataJson = { [csrfName]: csrfHash, id: "hello", link: link };
    $.ajax({
        url: "<?php echo base_url('main/test'); ?>",
        type: 'post',
        data: dataJson,
        dataType: 'json', // parse the response so data.csrfName / data.csrfHash are available
        success: function (data) {
            // Keep the token returned by the server for the next request
            csrfName = data.csrfName;
            csrfHash = data.csrfHash;
            alert(data.message);
        }
    });
});
and for the controller
public function test() {
    $config['upload_path'] = './uploads/';
    $config['allowed_types'] = 'gif|jpg|png';
    $config['max_size'] = 500;
    $config['max_width'] = 260;
    $config['max_height'] = 260;
    // Return the current token name and hash so the client can use them on its next request
    $response = array(
        'csrfName' => $this->security->get_csrf_token_name(),
        'csrfHash' => $this->security->get_csrf_hash()
    );
    $this->load->library('upload', $config);
    if (!$this->upload->do_upload('link')) {
        $response['message'] = "error";
    }
    else {
        $data = array('upload_data' => $this->upload->data());
        $image_name = $data['upload_data']['file_name'];
        $response['message'] = $image_name;
    }
    echo json_encode($response);
}
Let me know and good luck
Note: When someone asks you to post more data for the question, don't post it as a comment or answer; it's better to edit the question itself and add it there.
CSRF Token Valid on First Submit in Ajax - Codeigniter
I had the same problem and I solved it by refreshing the CSRF token. The new CSRF token comes back in the AJAX response from the server and replaces the old token, which is stored in the form's hidden field, and when you submit again you use the new token. It solved my problem; I hope your problem is also fixed by doing this. For more, see this link: https://codeigniter.com/user_guide/libraries/security.html
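The token-refresh pattern from the two answers above, as an added example that is not part of either answer. It goes one step further and shows why parallel requests that share a single-use token fail, and how queuing them avoids that. The server is simulated in-process; `makeServer`, `makeClient`, `demo` and the token values are constructed for illustration.

```javascript
// Constructed stand-in for a CodeIgniter endpoint with token regeneration on:
// each accepted POST retires the submitted token and answers with a new one.
function makeServer(tokenName) {
  let n = 0;
  let current = 'constructed-token-0'; // the real framework issues random hashes
  return {
    tokenName,
    currentHash: () => current,
    async post(body) {
      if (body[tokenName] !== current) return { status: 403 };
      current = 'constructed-token-' + (++n);
      return { status: 200, json: { csrfName: tokenName, csrfHash: current } };
    },
  };
}

// Client: keeps the latest token, adds it to every POST body, and queues
// requests so that two calls never spend the same single-use token.
function makeClient(server) {
  let csrfName = server.tokenName;
  let csrfHash = server.currentHash(); // in a page: read from the hidden field
  let queue = Promise.resolve();
  return {
    post(data) {
      const result = queue.then(async () => {
        const res = await server.post({ ...data, [csrfName]: csrfHash });
        if (res.status === 200) {
          csrfName = res.json.csrfName; // adopt the rotated token
          csrfHash = res.json.csrfHash;
        }
        return res.status;
      });
      queue = result.catch(() => {}); // a failed call must not block the queue
      return result;
    },
  };
}

// Two parallel posts: sharing one token fails the second; the queue does not.
async function demo() {
  const a = makeServer('csrf_test_name');
  const body = { csrf_test_name: a.currentHash(), id: 'hello' };
  const naive = (await Promise.all([a.post(body), a.post(body)])).map(r => r.status);
  const client = makeClient(makeServer('csrf_test_name'));
  const queued = await Promise.all([client.post({ id: 1 }), client.post({ id: 2 })]);
  return { naive, queued };
}
demo().then(r => console.log(r));
```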
How to include CSRF from Codeigniter into ajax data
The token needs to be passed in the data argument of $.ajax.
This should work but see my notes below.
order['<?php echo $this->security->get_csrf_token_name(); ?>'] = '<?php echo $this->security->get_csrf_hash(); ?>';
However, there are a few bad practices going on here. Mainly you should not use PHP in your javascript because this prevents you from being able to access the javascript as a separate file (this is good because browsers will cache it to make your page load faster and consume less bandwidth).
It's better to store the token in your order <form> HTML like this:
<input type="hidden" name="<?php echo $this->security->get_csrf_token_name(); ?>" value="<?php echo $this->security->get_csrf_hash(); ?>" />
Then it will get serialized with the rest of your form data.
You can also store the URL in the form's action attribute. This will help your script gracefully degrade and also keeps the URL in one place instead of 2.
<form id="order" method="post" action="<?=base_url()?>admin/category/update_order">
In the $.ajax call, use something like this: url: $('#order').attr('action'), assuming #order is the actual form id.
Codeigniter csrf token with ajax request (500 internal server error)
Add the CSRF token to your data option before posting:
$.ajax({
type: "POST",
url: $this.attr("action"),
data: {'<?php echo $this->security->get_csrf_token_name(); ?>':'<?php echo $this->security->get_csrf_hash(); ?>',/*....your data....*/},
beforeSend: function() {
mensaje.html('<p><img src="public/frontend/img/miniloader.gif"><span><small> Iniciando..</small></span></p>');
}
})
The CSRF token needs to be sent with each request so it should be specified by the data. The echo statement does this. You can add this separately and serialize, but I've shown what you are missing.
Codeigniter fetching data with from ajax with CSRF on
How about this approach.
$.ajaxSetup({
headers: {
'<?php echo $this->security->get_csrf_token_name(); ?>' : '<?php echo $this->security->get_csrf_hash(); ?>'
}
});
$(document).on('click', '.edit_category', function() {
$.ajax({
type: 'POST',
url: base_url + 'admin/getinfo_category',
data: {
'category_id': $(this).data('id')
},
success:function(data){
console.log( JSON.parse(data) );
},
error: function (data) {
console.log('ajax error');
} // end of error
}); // ajax
});