ajax Forbidden error |
Hello,
In my codeigniter 3.0.3 I have page for uploading(using jquery.fileupload library)/show listing/deleting of images In control I send security object PHP Code: $data['security'] = $this->security; and in view in ajax post requests I send parameters from this security object. It works in 1 case and retiurns 403(Forbidden) error in 2 cases: Deleting Image : Code: var post_data = { Uploading of image : Code: var post_data = { Loading Of images : Code: var post_data = { In all 3 requests ajax request as "POST" with "json" dataType return parameter wuth the same csrf array as parameters. in url methods of the same control http://local-displo-wp.com/backend/en/categories I do not see why only third requests works ok but 2 first returns error?
Instead of defining
PHP Code: $data['security'] = $this->security; Have you tried passing the CRSF token data like it outlines here, http://www.codeigniter.com/user_guide/li...rgery-csrf ?
yes, in my backend/application/config/config.php :
Code: $config['global_xss_filtering'] = FALSE; but seems that was not issue of problem. In my form there is line like: Code: <input type="hidden" name="dp_csrf_tk" value="b0e299db72dba3d32fa60565ebe05662" /> tring to submit this form I got error: The action you have requested is not allowed. But this csrf protection for the form with post method. I upload /show / delete images with methods I mentioned above. So in source I see 2 similar methods, one of working ok, the second raise error 403 (Forbidden) : VALID REQUEST: Code: var post_data = { INVALID REQUEST with error 403 (Forbidden) : Code: var post_data = { I do not see the difference... and putting in config the url from the second wrong request : PHP Code: $config['csrf_exclude_uris'] = array('categories/delete_category_image'); I have the same error 403 (Forbidden) |
Welcome Guest, Not a member yet? Register Sign In |