Codeigniter Csrf Valid for Only One Time Ajax Request

In my opinion you should try to recreate your CSRF token on each request.

Try this code example...

For the JS function

    // Token name and hash rendered by CodeIgniter into the page
    var csrfName = '<?php echo $this->security->get_csrf_token_name(); ?>',
        csrfHash = '<?php echo $this->security->get_csrf_hash(); ?>';

    $("#avatar").change(function () {
        var link = $("#avatar").val();

        var dataJson = { [csrfName]: csrfHash, id: "hello", link: link };

        $.ajax({
            url: "<?php echo base_url('main/test'); ?>",
            type: 'post',
            dataType: 'json', // parse the response so data.csrfName / data.csrfHash are readable
            data: dataJson,
            success: function (data) {
                // Keep the regenerated token for the next request
                csrfName = data.csrfName;
                csrfHash = data.csrfHash;
                alert(data.message);
            }
        });
    });

and for the controller

    public function test() {
        $config['upload_path'] = './uploads/';
        $config['allowed_types'] = 'gif|jpg|png';
        $config['max_size'] = 500;
        $config['max_width'] = 260;
        $config['max_height'] = 260;

        // Return the current token name and hash so the client can update its copy
        $response = array(
            'csrfName' => $this->security->get_csrf_token_name(),
            'csrfHash' => $this->security->get_csrf_hash()
        );

        $this->load->library('upload', $config);
        if (!$this->upload->do_upload('link')) {
            $response['message'] = "error";
        }
        else {
            $data = array('upload_data' => $this->upload->data());
            $image_name = $data['upload_data']['file_name'];
            $response['message'] = $image_name;
        }

        echo json_encode($response);
    }

Let me know and good luck

Note: When someone asks you to post more data for the question, don't post it as a comment or answer; it's better to edit the question itself and add it there.

CSRF Token Valid on First Submit in Ajax - Codeigniter

I had the same problem and I solved it by refreshing the CSRF token. Get the new CSRF token from the server in the AJAX response and use it to replace the old token stored in the form's hidden field, so that the next submit uses the new token. That solved my problem, and I hope it fixes yours too. For more, see https://codeigniter.com/user_guide/libraries/security.html
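The token-refresh flow described in the two answers above, as an added example that is not part of either answer. A constructed in-memory server stands in for a CodeIgniter controller that regenerates the token on every POST; `makeServer`, `makeClient` and the token name `csrf_test_name` are assumptions for the demo, while `csrfName`/`csrfHash` follow the first answer's response fields.

```javascript
const crypto = require('crypto');

// Constructed stand-in for the controller: every accepted POST invalidates
// the token it was sent with and returns the replacement in the JSON body.
function makeServer(tokenName) {
  let current = crypto.randomBytes(16).toString('hex');
  return {
    tokenName,
    initialHash: () => current, // what the page template would embed
    handlePost(body) {
      const sent = Buffer.from(String(body[tokenName] || ''));
      const want = Buffer.from(current);
      const ok = sent.length === want.length && crypto.timingSafeEqual(sent, want);
      if (!ok) return { status: 403, json: null };
      current = crypto.randomBytes(16).toString('hex'); // rotate after use
      return { status: 200, json: { csrfName: tokenName, csrfHash: current, message: 'ok' } };
    },
  };
}

// Client-side token holder: injects the current token into each POST and,
// when `refresh` is true, adopts the token returned in the response.
function makeClient(server, refresh) {
  let name = server.tokenName;
  let hash = server.initialHash();
  return function post(fields) {
    const res = server.handlePost({ ...fields, [name]: hash });
    if (refresh && res.json && res.json.csrfHash) {
      name = res.json.csrfName;
      hash = res.json.csrfHash;
    }
    return res.status;
  };
}

// Same requests sent twice: once reusing the page-load token, once refreshing.
function demo() {
  const stale = makeClient(makeServer('csrf_test_name'), false);
  const fresh = makeClient(makeServer('csrf_test_name'), true);
  return {
    stale: [stale({ id: 'hello' }), stale({ id: 'hello' })],
    fresh: [fresh({ id: 'hello' }), fresh({ id: 'hello' }), fresh({ id: 'hello' })],
  };
}

console.log(demo());
```

In the browser the same update belongs in the `success` callback. Because each response replaces the token, requests issued in parallel with the same token fail the same way the stale client does.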

How to include CSRF from Codeigniter into ajax data

The token needs to be passed in the data argument of $.ajax.

This should work but see my notes below.

    order['<?php echo $this->security->get_csrf_token_name(); ?>'] = '<?php echo $this->security->get_csrf_hash(); ?>';

However, there are a few bad practices going on here. Mainly you should not use PHP in your javascript because this prevents you from being able to access the javascript as a separate file (this is good because browsers will cache it to make your page load faster and consume less bandwidth).

It's better to store the token in your order <form> html like this..

    <input type="hidden" name="<?php echo $this->security->get_csrf_token_name(); ?>" value="<?php echo $this->security->get_csrf_hash(); ?>" />

Then it will get serialized with the rest of your form data.

You can also store the URL in the form's action attribute. This will help your script gracefully degrade and also keeps the URL in one place instead of 2.

    <form id="order" method="post" action="<?=base_url()?>admin/category/update_order">

In the $.ajax call, use something like this url: $('#order').attr('action'), assuming #order is the actual form id.

Codeigniter csrf token with ajax request (500 internal server error)

Add the CSRF token to your data option before posting:

    $.ajax({
        type: "POST",
        url: $this.attr("action"),
        data: {'<?php echo $this->security->get_csrf_token_name(); ?>':'<?php echo $this->security->get_csrf_hash(); ?>',/*....your data....*/},
        beforeSend: function() {
            mensaje.html('<p><img src="public/frontend/img/miniloader.gif"><span><small> Iniciando..</small></span></p>');
        }
    })

The CSRF token needs to be sent with each request so it should be specified by the data. The echo statement does this. You can add this separately and serialize, but I've shown what you are missing.

Codeigniter fetching data from ajax with CSRF on

How about this approach.

    $.ajaxSetup({
        headers: {
            '<?php echo $this->security->get_csrf_token_name(); ?>' : '<?php echo $this->security->get_csrf_hash(); ?>'
        }
    });

    $(document).on('click', '.edit_category', function() {

        $.ajax({
            type: 'POST',
            url: base_url + 'admin/getinfo_category',
            data: {
                'category_id': $(this).data('id')
            },
            success: function(data) {
                console.log( JSON.parse(data) );
            },
            error: function (data) {
                console.log('ajax error');
            } // end of error

        }); // ajax

    });

