I’ve got a issue here, i keep getting a error when i try to post something with ajax (POST). I know it is the CSRF that gives me these problems and I’ve been tried back and forth trying to find a solution. However, i hope somebody here can help me out!
This is the error i keep getting (from google chrome inspector),
*Failed to load resource: the server responded with a status of 500 (Internal Server Error)
XHR finished loading: "http://localhost/woho/ajax/images".*
PHP (Controller)
class Ajax extends CI_Controller {
function images() {
echo 'Hello World';
}
}
Javascript
var ID = $(".imageWrap:last").attr("id");
var baseurl = "http://localhost/woho/";
var doScroll = 1;
var cct = $.cookie('csrf_cookie_name');
if (location.href == baseurl) {
$(window).scroll(function(){
if ($(window).scrollTop() > $('body').height() / 2) {
if(doScroll == 1) {
$.post(baseurl + 'ajax/images',{'id' : ID, 'csrf_token_name': cct}, function(data) {
alert(data);
$("#wrapper_content").append(data);
ID++;
});
}
}
});
}
my CCT var from javascript gives me the correct token or "hash" but when the javascript sends the ajax request codeigniter returns an error like,
An Error Was Encountered The action you have requested is
not allowed.
How can i fix this? do i need to validate the CSRF Token or something in my controller?
I'm using Codeigniter 2.0.3
Try (javascript):
var ID = $(".imageWrap:last").attr("id");
var baseurl = "http://localhost/woho/";
var doScroll = 1;
var cct = $.cookie("<?php echo $this->config->item("csrf_cookie_name"); ?>");
if (location.href == baseurl) {
$(window).scroll(function(){
if ($(window).scrollTop() > $('body').height() / 2) {
if(doScroll == 1) {
$.post(baseurl + 'ajax/images',{'id':ID,'<?php echo $this->security->get_csrf_token_name(); ?>': cct}, function(data) {
alert(data);
$("#wrapper_content").append(data);
ID++;
});
}
}
});
}
check value of your $config['csrf_token_name'] in /application/config/config.php as default is setted as csrf_test_name not csrf_token_name.
This decision if you not want to use PHP code in Javascript.
$.ajax({
url: 'some_url',
type: 'POST',
data: {csrf_test_name: $.cookie('csrf_cookie_name')}
});
This code works fine.
If you use the form_open("/some",'id="some_form"') and form_close() , CI create a hidden input that keep the csrf_token_name and it value.
so , in your AJAX request , you can get the form by serialize it and send form !
For example:
<script>
var _form = $("#some_form").serializeArray();
$.ajax({
data: _form,
type: 'post',
url: '<?php echo base_url();?>some',
async: true,
success: function(output){
alert(output);
},
complete: function(output){},
fail: function(err){}
});
</script>
The CSRF always was my problem and by this method, it solved!!
it may be late but i found this perfect solution sort of hack but should work
if (isset($_SERVER["REQUEST_URI"]))
{
if(stripos($_SERVER["REQUEST_URI"],'/mypage') === FALSE)
{
$config['csrf_protection'] = TRUE;
}
else
{
$config['csrf_protection'] = FALSE;
}
}
else
{
$config['csrf_protection'] = TRUE;
}
// in config.php file ci 2.*
found solution from this post
Just follow this code:
$.ajax({
type : 'post',
url : 'Your URL',
data : {
id: id,
'<?php echo $this->security->get_csrf_token_name(); ?>' : '<?php echo $this->security->get_csrf_hash(); ?>'
},
datatype: 'json',
success : function(data){}
});
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 我命由我不由天 的文章《Codeigniter (CSRF) jQuery ajax problem》','https://www.manongdao.com/article-240271.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}