Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help ajax Forbidden error
ajax Forbidden error
  • Offline mstdmstd
    Junior Member
  • **
  • Posts: 31
    Threads: 22
    Joined: Dec 2015
    Reputation: 0
#3
01-09-2016, 12:45 AM

yes, in my backend/application/config/config.php :

Code:
$config['global_xss_filtering'] = FALSE;

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'dp_csrf_tk';
$config['csrf_cookie_name'] = 'dp_csrf_ck';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array();

I remade control with setting name/hash :
       $data['csrf'] = array(
           'name' => $this->security->get_csrf_token_name(),
           'hash' => $this->security->get_csrf_hash()
       );
       $this->load->view( 'categories/edit', $data );

but seems that was not issue of problem.

In my form there is line like:

Code:
  <input type="hidden" name="dp_csrf_tk" value="b0e299db72dba3d32fa60565ebe05662" />
  This page is category editor with 2 fields name, description and listing of images. Without hidden input above
  tring to submit this form I got error:
The action you have requested is not allowed.

But this csrf protection for the form with post method. I upload /show / delete images with methods I mentioned above.
So in source I see 2 similar methods, one of working ok, the second raise error 403 (Forbidden) :

VALID REQUEST:

Code:
           var post_data = {
               'dp_csrf_tk' : 'aeebc203bca894d36aad8d41e04f43de'
           };
           alert( "loadCategoryImages LISTING post_data::"+var_dump(post_data) )
           jQuery.ajax({
               url: "http://local-displo-wp.com/backend/en/categories/load_category_images?category_id="+category_id+"&category_name="+encodeURIComponent(category_name),
               type: 'POST',
               data: post_data,
               dataType: 'json',
               success: function(result) {
                  ...
               }
           });
           
           
INVALID REQUEST with error 403 (Forbidden) :

Code:
           var post_data = {
               'dp_csrf_tk' : 'aeebc203bca894d36aad8d41e04f43de'
           };
           alert( "deleteCategoryImage post_data::"+var_dump(post_data) )
           jQuery.ajax({
               url: "http://local-displo-wp.com/backend/en/categories/delete_category_image?category_id=" + encodeURIComponent(category_id) + '&image_name='+encodeURIComponent(image_name),
               type: 'POST',
               data: post_data,
               dataType: 'json',
               success: function(result) {
                  ...
               }
           });      


I do not see the difference...

and putting in config the url from the second wrong request :

PHP Code:
$config['csrf_exclude_uris'] = array('categories/delete_category_image'); 


I have the same error 403 (Forbidden)
Reply


Messages In This Thread
ajax Forbidden error - by mstdmstd - 01-08-2016, 07:20 AM
RE: ajax Forbidden error - by mr_pablo - 01-08-2016, 07:33 AM
RE: ajax Forbidden error - by mstdmstd - 01-09-2016, 12:45 AM



Theme © iAndrew 2016 - Forum software by © MyBB