Ajax CSRF 403 forbidden codeigniter

Posted 2020-06-19 05:57

Hello, I am calling a controller to get sections using AJAX in my CodeIgniter-based app, which has CSRF enabled.

My AJAX code:

    $('#classes').change(function(){
        var $classes = $(this).val();
        $.ajax({
            type: "POST",
            data: {
                // token name and hash rendered into the page by CodeIgniter
                '<?php echo $this->security->get_csrf_token_name(); ?>': '<?php echo $this->security->get_csrf_hash(); ?>',
                'class': $classes
            },
            url: "<?php echo base_url(); ?>index.php/admin/getsection/" + $classes,
            success: function(return_data) {
                //alert(return_data);
                $('#section').html('');
                $('#section').html(return_data);
                $('#section').val(section); // 'section' is not defined in this snippet
            }
        });
    });

When I call the AJAX function the first time, it runs perfectly, but when I run the same function again, it returns a 403 Forbidden error.

Please advise what I should do.

2 answers
欢心
Reply #2 · 2020-06-19 06:39

From the docs:

Tokens may be either regenerated on every submission (default) or kept the same throughout the life of the CSRF cookie. The default regeneration of tokens provides stricter security, but may result in usability concerns as other tokens become invalid (back/forward navigation, multiple tabs/windows, asynchronous actions, etc). You may alter this behavior by editing the following config parameter:

$config['csrf_regenerate'] = TRUE;

Set that to FALSE.

做自己的国王
Reply #3 · 2020-06-19 06:56
Your controller should be like this:

    function reply() {
        $insert = $this->Message_model->send_message2();
        // With csrf_regenerate = TRUE this is the fresh hash the next POST must carry
        $csrf = $this->security->get_csrf_hash();
        if ($this->input->is_ajax_request()) {
            header("Content-type: application/json; charset=utf-8");
            echo json_encode(array("data" => $insert, 'csrf' => $csrf));
        }
    }

Your jQuery should be this way:

    // 'data' is the parsed JSON body of the previous response (see the controller above)
    var token = data.csrf;

    $.ajax({
        url: '/next/ajax/request/url',
        type: 'POST',
        // the key must match the configured csrf_token_name
        data: { new_data: 'new data to send via post', csrf_token: token },
        cache: false,
        success: function(data, textStatus, jqXHR) {
            // Get new csrf token for next ajax post
            var new_csrf_token = data.csrf;
            //Do something with data returned from post request
        },
        error: function(jqXHR, textStatus, errorThrown) {
            // Handle errors here
            console.log('ERRORS: ' + textStatus + ' - ' + errorThrown);
        }
    });