CodeIgniter Forums
CSRF and ajax submit - Printable Version




CSRF and ajax submit - El Forum - 01-12-2011

[eluser]davdtm[/eluser]
Hello guys, I've been really frozen for a while on the following issue:

1) I'm using CI 2.0 with CSRF enabled

2) I've a form with the CSRF key stored within a hidden field

3) I submit (POST) the form through ajax, by exploiting the jQuery form plugin (running something like: jQuery('#form_id').ajaxSubmit(options))

Now the problem:

If the form action is set as 'http://hostname/domain/...path.../file_to_be_executed.php' everything works beautifully. However, this way I'm running an external PHP file, so all the CI tools are not available. On the other hand, if the action is 'http://hostname/domain/index.php/controller_name/controller_function' I get a '500 system error', which is due to the CSRF. In fact, by disabling the CSRF I successfully run the controller, which is what I'd like to do.

What do you suggest to address this issue? I've found the following post

http://ellislab.com/forums/viewthread/125687/

which is very interesting but just suggests some 'double cookie submission' approach, which is surrounded by clouds for me.

Thanks for any help

David


CSRF and ajax submit - El Forum - 01-13-2011

[eluser]davdtm[/eluser]
Sorry, I've found the problem.
I made an error by posting a wrong key in the hidden field. This stopped the ajax submission when calling the controller (which runs the CSRF check), while the call to external files ALWAYS works because the check is not run in this case.

Davide
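
The situation the thread ends on, as an added example (not part of the thread and not CodeIgniter's own code): a double-submit check compares the token posted in the hidden field with the token held in the cookie and rejects the POST when they differ. The cookie name, field name and function names are assumptions, and the requests are constructed samples.

```javascript
// Added illustration of a double-submit CSRF check; not CodeIgniter's code.
const crypto = require('crypto');

// Hypothetical names for the CSRF cookie and the hidden form field.
const COOKIE_NAME = 'csrf_cookie';
const FIELD_NAME = 'csrf_token';

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const out = new Map();
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out.set(part.slice(0, i).trim(), part.slice(i + 1).trim());
  }
  return out;
}

// Constant-time comparison; hashing first gives equal-length buffers.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(a).digest();
  const hb = crypto.createHash('sha256').update(b).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Decide whether a POST passes, given its Cookie header and urlencoded body.
function checkCsrf(cookieHeader, body) {
  const cookieToken = parseCookies(cookieHeader).get(COOKIE_NAME);
  const fieldToken = new URLSearchParams(body).get(FIELD_NAME);
  if (!cookieToken) return { ok: false, reason: 'missing cookie token' };
  if (!fieldToken) return { ok: false, reason: 'missing form token' };
  if (!safeEqual(cookieToken, fieldToken)) return { ok: false, reason: 'token mismatch' };
  return { ok: true, reason: 'tokens match' };
}

// Constructed sample requests (not captured traffic).
const token = crypto.randomBytes(16).toString('hex');
const cookie = `session=abc; ${COOKIE_NAME}=${token}`;
const samples = {
  correctField: `name=test&${FIELD_NAME}=${token}`,  // hidden field holds the cookie's token
  wrongField: `name=test&${FIELD_NAME}=not-the-token`, // the wrong-key case from the thread
  noField: 'name=test',                                 // hidden field missing from the POST
};
for (const [label, body] of Object.entries(samples)) {
  console.log(label, checkCsrf(cookie, body));
}
```

A script requested directly, outside the controller, never reaches a check like this, which is why the same wrong key went unnoticed there.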