I'm putting the CSRF token into a header with a filter.
Code:
<?php namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;

class CSRFInitFilter implements FilterInterface
{
    /**
     * Do whatever processing this filter needs to do.
     * By default it should not return anything during
     * normal execution. However, when an abnormal state
     * is found, it should return an instance of
     * CodeIgniter\HTTP\Response. If it does, script
     * execution will end and that Response will be
     * sent back to the client, allowing for error pages,
     * redirects, etc.
     *
     * @param RequestInterface $request
     * @param null $arguments
     *
     * @return mixed
     */
    public function before(RequestInterface $request, $arguments = null)
    {
        // TODO: Implement before() method.
    }

    /**
     * Allows After filters to inspect and modify the response
     * object as needed. This method does not allow any way
     * to stop execution of other after filters, short of
     * throwing an Exception or Error.
     *
     * @param RequestInterface $request
     * @param ResponseInterface $response
     * @param null $arguments
     *
     * @return mixed
     */
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
    {
        // You can check if ($request->isAJAX()) here; I've done it through a filter.
        $response->setHeader(csrf_header(), Services::security()->getCSRFHash());
    }
}
[Filters.php]
Code:
public $filters = [
    // Allow only ajax requests
    'ajax_request_check' => [
        'before' => [
            'account/*',
        ],
        'after' => [],
    ],
    'user_smtp_limit' => [
        'before' => [
            'account/*',
        ],
        'after' => [],
    ],
    'csrf_init_filter' => [
        'before' => [],
        'after' => [
            'account/*',
        ],
    ],
];
[app.js]
Code:
$.ajax({
    url: url,
    type: 'post',
    dataType: 'json',
    data: $('form#' + $(this).attr('id')).serialize(),
    success: function (data, textStatus, request) {
        l2.csrf.attr('content', request.getResponseHeader(l2.csrf_header_name));
        setTimeout(function () {
            l2.btn_signup.removeAttribute('disabled');
        }, 7500);
    },
    complete: function () {}
});
If that does not work then you have problems in your coding.
Really?
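The client side of the exchange in the post above, as an added example that is not part of the original post: it keeps the latest token sent by the after-filter and leaves the stored token alone when a response lacks the header, instead of writing `null` into it. The header name `X-CSRF-TOKEN`, the function names and the sample responses are assumptions constructed for illustration.

```javascript
// Added example (not from the original post). HEADER is an assumed header
// name; use whatever csrf_header() returns in your application.
const HEADER = 'X-CSRF-TOKEN';

// Tracks the current CSRF token across AJAX calls when the server sends a
// fresh one in a response header, as the after-filter in the post does.
function createCsrfTracker(headerName, initialToken) {
  let token = initialToken;
  return {
    current: () => token,
    // Headers to attach to the next state-changing request.
    requestHeaders: () => ({ [headerName]: token }),
    // getHeader has the shape of jqXHR.getResponseHeader: name -> string|null.
    // Call this from `complete`, so error responses that carry a new token
    // are handled too. A missing or empty header keeps the previous token
    // instead of overwriting it with null.
    update(getHeader) {
      const next = getHeader(headerName);
      if (typeof next !== 'string' || next.trim() === '') return false;
      token = next.trim();
      return true;
    },
  };
}

// Constructed responses: a 200 with a new token, a 422 validation error that
// also carries a new token, and a response with no CSRF header at all.
const sampleResponses = [
  { status: 200, headers: { 'x-csrf-token': 'tok-2' } },
  { status: 422, headers: { 'x-csrf-token': 'tok-3' } },
  { status: 500, headers: {} },
];

// Header lookup is case-insensitive, like getResponseHeader in browsers.
const headerReader = (res) => (name) => res.headers[name.toLowerCase()] ?? null;

// Replays the sample responses and records the token sent with each request.
function replay(tracker, responses) {
  return responses.map((res) => {
    const sent = tracker.requestHeaders()[HEADER];
    const updated = tracker.update(headerReader(res));
    return { status: res.status, sent, updated, now: tracker.current() };
  });
}

console.log(replay(createCsrfTracker(HEADER, 'tok-1'), sampleResponses));
```

With jQuery, `tracker.update(function (name) { return jqXHR.getResponseHeader(name); })` would go in the `complete` callback, which runs for both successful and failed requests.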