+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Development (https://forum.codeigniter.com/forumdisplay.php?fid=6)
+--- Forum: CodeIgniter 2.x (https://forum.codeigniter.com/forumdisplay.php?fid=18)
+--- Thread: csrf protection via ajax (/showthread.php?tid=69747)
csrf protection via ajax - nitin.d12 - 01-12-2018
I have 4 ajax call in a page having 4 different forms for csrf protection. But not working with ajax. Please help me out for csrf protection with more than one call of ajax in a single page.
RE: csrf protection via ajax - dave friend - 01-12-2018
(01-12-2018, 03:03 AM)nitin.d12 Wrote: I have 4 ajax call in a page having 4 different forms for csrf protection. But not working with ajax. Please help me out for csrf protection with more than one call of ajax in a single page.
Tell me if this is the situation.
You have this in config.php
PHP Code:
$config['csrf_regenerate'] = TRUE;
And the four ajax calls are "POST" requests. The first request works but the rest fail.
Right?
If so, the issue is with
PHP Code:
$config['csrf_regenerate'] = TRUE;
That's the right and proper thing to do but it complicates multiple ajax calls. What happens is that every time a "POST" request is made a new csrf hash is created. You will have to return the new hash and incorporate it into your next ajax call. It also means that you will have nest the ajax calls so that the next one cannot run until the current call returns.
More advice that that will require you sharing some code.
RE: csrf protection via ajax - natanfelles - 01-12-2018
Have a look at this files:
https://github.com/natanfelles/codeigniter-migrate/blob/b92423f57f27a257f1e4c4f9f09cf1cb396cb237/application/controllers/Migrate.php#L155
https://github.com/natanfelles/codeigniter-migrate/blob/b92423f57f27a257f1e4c4f9f09cf1cb396cb237/application/views/migrate.php#L123
* CI 3