multiple csrf token in one page using jquery codeigniter 3.x
#1

(This post was last modified: 02-14-2024, 09:00 AM by nasakh.)

Hello everyone,
I read about the CSRF problem with ajax or even jQuery forms, but I did not find anything related to this.
I have a website which uses like 10 jQuery posts like this in one page:
Code:
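$.post("/controller_api/add_video_to_playlist", {
    video_id: '<?=$details[0]->id;?>',
    playlist_id: $("#selected_playlist_id").val(),
    // CSRF field name and hash, printed by PHP when the page is rendered
    <?php echo $this->security->get_csrf_token_name(); ?>: '<?php echo $this->security->get_csrf_hash(); ?>'
}).done(function(result){
    // ... (handler body was not included in the post)
});
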
It's doing just fine when there is only one form in the page,
but in pages where there are like 10 of them for saving actions that the user makes, there is only one token for all of them and none of them gets done; every time I get a 403. But in my login page, for example, it's doing just fine.
So here is the question:

Quote:How should I create multiple CSRF tokens in one page, and why does none of them work when I think one of them should work at least one time, and why does it work fine in the page which has only one form? Also, if you are thinking about getting a new CSRF token in the response and updating the other forms with the new one, there is a security problem with that: attackers can get one CSRF token and spam it with no problem because they get a new CSRF token after submitting the first one, and on and on ...
Reply
#2

You don't need multiple CSRF tokens, one is enough.

Go to Security file under the Config folder and find this line (it must be line 27) : public bool $tokenRandomize = true; and make it false. It regenerates the token each time you submit, that's why you are getting this error.

You can read about it in our documentation
Reply
#3

(02-14-2024, 08:12 AM)demyr Wrote: You don't need multiple CSRF tokens, one is enough.

Go to Security file under the Config folder and find this line (it must be line 27) : public bool $tokenRandomize = true; and make it false. It regenerates the token each time you submit, that's why you are getting this error.

You can read about it in our documentation

Thank you for the reply. I'm sorry I did not mention that I'm using the 3.x version; there is no such thing in my files.
Reply
#4

Maybe this will help you.

stackoverflow - Codeigniter 3 multiple forms with ajax and csrf tokens working on one form only
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#5

(02-14-2024, 09:00 AM)nasakh Wrote:
(02-14-2024, 08:12 AM)demyr Wrote: You don't need multiple CSRF tokens, one is enough.

Go to Security file under the Config folder and find this line (it must be line 27) : public bool $tokenRandomize = true; and make it false. It regenerates the token each time you submit, that's why you are getting this error.

You can read about it in our documentation

Thank you for the reply. I'm sorry I did not mention that I'm using the 3.x version; there is no such thing in my files.

Then it is time to migrate to the 4th version :)
Reply
#6

At the end of the ajax call you should find and replace all the CSRF tokens with the new CSRF token value.
You could do something like
Code:
// .val() sets the value on every matching hidden CSRF input
$('input[name="<?php echo $this->security->get_csrf_token_name(); ?>"]').val('<?php echo $this->security->get_csrf_hash(); ?>');
Reply
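
An added example, not code from any poster in this thread: a small Node.js model of the repeated 403 described in post #1 and of the refresh approach from post #6. The server object, `makeRefreshingClient` and the `csrf` response field are hypothetical stand-ins; the model assumes the token is regenerated after every accepted POST, which is what CodeIgniter 3 does when `csrf_regenerate` is enabled in config.php.

```javascript
const { randomBytes } = require('crypto');
const newToken = () => randomBytes(16).toString('hex');

// Constructed stand-in for the server: accept a POST only if its token
// matches the current one, then rotate the token (per-request regeneration).
function makeServer() {
  let current = newToken();
  return {
    pageToken: () => current, // what the PHP template prints at page load
    async post(token) {
      if (token !== current) return { status: 403 };
      current = newToken();
      return { status: 200, csrf: current }; // assumed: reply carries new hash
    },
  };
}

// Every request reuses the token printed at page load, as in the $.post call.
async function staleClient(server, n) {
  const token = server.pageToken();
  const statuses = [];
  for (let i = 0; i < n; i++) statuses.push((await server.post(token)).status);
  return statuses;
}

// One shared token, refreshed from each response. Requests are chained so
// each reads the token only after the previous response has arrived.
function makeRefreshingClient(server) {
  let token = server.pageToken();
  let queue = Promise.resolve();
  return function send() {
    const run = queue.then(async () => {
      const res = await server.post(token);
      if (res.csrf) token = res.csrf;
      return res.status;
    });
    queue = run.catch(() => {}); // a failed request must not block the queue
    return run;
  };
}

async function demo(n) {
  const stale = await staleClient(makeServer(), n);
  const send = makeRefreshingClient(makeServer());
  const fresh = await Promise.all(Array.from({ length: n }, () => send()));
  return { stale, fresh };
}
```

With the page-load token only the first request is accepted; with one shared, refreshed token and serialized requests all of them are.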



