GroceryCRUD add, edit buttons not working when ena

2019-07-30 16:10发布

站内问答 / 前沿技术
791 2 4

I am using GroceryCRUD 1.5.0 with CodeIgniter 2.2.0.

When enabling CodeIgniter's internal CSRF protection with:

$config['csrf_protection'] = TRUE;

in application/config/config.php, then the GroceryCRUD auto-generated action buttons (edit, view) and links (add) does not work anymore.

It seems that the CSRF token is not passed along in the Ajax calls (confirmed with Firebug). It is possible to use this CodeIgniter feature with GroceryCRUD?

2条回答
在下西门庆
2楼-- · 2019-07-30 16:48

I finally managed to solve my problem. Two options are available:

The easy way:

Set:

$config['grocery_crud_dialog_forms'] = false;

in application/config/grocery_crud.php.

This option works well without CSRF protection enabled (that is, it can be set to true to produce more elegant forms), but fails when set if no code modifications are done in the javascript.

The elegant way:

If we want to use:

$config['grocery_crud_dialog_forms'] = true;

in application/config/grocery_crud.php to have the cute forms, then:

  1. include the jquery.cookie plugin in pages with forms

  2. add this code to your JS files to auto-magically insert the CSRF token in all ajax POST calls:

$(document).ready(function() {
    var csrf_token= $.cookie('csrf_cookie_name');

    $.ajaxSetup({
        data: {
            'csrf_test_name' : csrf_token
        }
    });	
});

I hope this will help someone else.

查看更多
0人赞 添加讨论(0) 举报
神经病院院长
3楼-- · 2019-07-30 16:53

Just in case someone has the same error: For CI 3.0.1 and GroceryCRUD 1.5.1, Cookies are properly sent with AJAX requests, however because the token changes, only the first request will work.

To always use the same token, set (in application/config/config.php):

$config['csrf_regenerate'] = FALSE;

Edit: Manual for reference: http://www.codeigniter.com/user_guide/libraries/security.html#cross-site-request-forgery-csrf

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)