AJAX and CSRF in CI 4.0.4
#4
Question 
(This post was last modified: 12-20-2020, 08:28 AM by brabus.)

I'm putting the CSRF token into the header with a filter.

Code:
<?php namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;

class CSRFInitFilter implements FilterInterface
{

    /**
    * Do whatever processing this filter needs to do.
    * By default it should not return anything during
    * normal execution. However, when an abnormal state
    * is found, it should return an instance of
    * CodeIgniter\HTTP\Response. If it does, script
    * execution will end and that Response will be
    * sent back to the client, allowing for error pages,
    * redirects, etc.
    *
    * @param RequestInterface $request
    * @param null            $arguments
    *
    * @return mixed
    */
    public function before(RequestInterface $request, $arguments = null)
    {
        // TODO: Implement before() method.
    }

    /**
    * Allows After filters to inspect and modify the response
    * object as needed. This method does not allow any way
    * to stop execution of other after filters, short of
    * throwing an Exception or Error.
    *
    * @param RequestInterface  $request
    * @param ResponseInterface $response
    * @param null              $arguments
    *
    * @return mixed
    */
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
    {
        // You can check $request->isAJAX() here; I do that through a separate filter.
        $response->setHeader(csrf_header(), Services::security()->getCSRFHash());
    }
}


[Filters.php]

Code:
public $filters = [
    // Allow only ajax requests
    'ajax_request_check' => [
        'before' => [
            'account/*',
        ],
        'after' => [],
    ],
    'user_smtp_limit' => [
        'before' => [
            'account/*',
        ],
        'after' => [],
    ],
    // Send the current CSRF hash back in a response header
    'csrf_init_filter' => [
        'before' => [],
        'after' => [
            'account/*',
        ],
    ],
];


[app.js]
Code:
$.ajax({
    url: url,
    type: 'post',
    dataType: 'json',
    data: $('form#' + $(this).attr('id')).serialize(),
    success: function (data, textStatus, request) {
        // Store the token returned in the response header for the next request
        l2.csrf.attr('content', request.getResponseHeader(l2.csrf_header_name));
        // Re-enable the signup button after 7.5 seconds
        setTimeout(function () {
            l2.btn_signup.removeAttribute('disabled');
        }, 7500);
    },
    complete: function () {}
});

If that does not work then you have problems in your coding.

Really?
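Added example (not part of the post above or of CodeIgniter): jQuery runs `success` only for 2xx replies, so a token rotated on a 4xx reply is missed if it is only read there. The model below assumes token regeneration is enabled and that the after filter also runs on error responses; `HEADER`'s value, `makeServer`, `CsrfClient` and `runScenario` are illustrative names, and the server is a constructed stand-in.

```javascript
// Added example; all names and sample values here are constructed for illustration.
const HEADER = 'X-CSRF-TOKEN'; // assumed header name returned by csrf_header()

// Constructed stand-in for the server side: verify the token, rotate it after a
// verified POST, and return the fresh hash in a response header on every reply.
function makeServer(initialToken) {
  let current = initialToken;
  let counter = 0;
  return function handle(headers, body) {
    if (headers[HEADER] !== current) {
      return { status: 403, headers: {} };            // stale or missing token
    }
    current = 'token-' + (++counter);                 // regeneration after verification
    const status = body.email ? 200 : 422;            // 422: form validation failed
    return { status, headers: { [HEADER]: current } };
  };
}

// Client-side token holder. refreshOnError=false mirrors updating the token only
// in a success callback; true mirrors updating it for every response.
class CsrfClient {
  constructor(token, transport, refreshOnError) {
    this.token = token;
    this.transport = transport;
    this.refreshOnError = refreshOnError;
  }

  post(body) {
    const res = this.transport({ [HEADER]: this.token }, body);
    const fresh = res.headers[HEADER];
    const ok = res.status >= 200 && res.status < 300;
    if (fresh && (ok || this.refreshOnError)) {
      this.token = fresh;                             // keep in step with the server
    }
    return res.status;
  }
}

// Submit an invalid form, then a corrected one; return both status codes.
function runScenario(refreshOnError) {
  const client = new CsrfClient('token-0', makeServer('token-0'), refreshOnError);
  return [client.post({ email: '' }), client.post({ email: 'user@example.test' })];
}

console.log(runScenario(false)); // [ 422, 403 ]
console.log(runScenario(true));  // [ 422, 200 ]
```

In jQuery the equivalent of `refreshOnError = true` is reading the header in `complete`, which receives the jqXHR object for both successful and failed requests.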


Messages In This Thread
AJAX and CSRF in CI 4.0.4 - by chirinolopez71 - 12-19-2020, 10:43 AM
RE: AJAX and CSRF in CI 4.0.4 - by InsiteFX - 12-19-2020, 01:31 PM
RE: AJAX and CSRF in CI 4.0.4 - by chirinolopez71 - 12-19-2020, 02:31 PM
RE: AJAX and CSRF in CI 4.0.4 - by brabus - 12-20-2020, 08:27 AM
RE: AJAX and CSRF in CI 4.0.4 - by JrengGo - 03-02-2022, 09:34 PM


