Another CSFR question
CodeIgniter Forums (https://forum.codeigniter.com), Thread: /showthread.php?tid=41547
Another CSFR question - El Forum - 05-10-2011

[eluser]keld[/eluser]
Hi, I've enabled CSRF in my config file, and after realizing that all my POSTs from jQuery stopped working I searched the forum and found this helpful link: http://ericlbarnes.com/blog/post/codeigniter_csrf_protection_with_ajax

The only issue is that it is still not working. If I look at my cookies in Firefox I see the csrf_token_myname cookie but there is no csrf_cookie_myname, so in jQuery when I have:

Code:
...

I'm wondering why on Eric Barnes' blog he's assigning the cookie to the token and why it is still not working on my site. Any help is appreciated, thanks!

Another CSFR question - El Forum - 05-10-2011

[eluser]bubbafoley[/eluser]
I'm pretty sure that there is only 1 CSRF cookie. Is csrf_cookie_name set to 'csrf_cookie_mysite' in your config? Here's my config:

Code:
$config['csrf_protection'] = TRUE;

I'm only seeing 1 cookie in Firefox: http://d.pr/yNYX

Another CSFR question - El Forum - 05-10-2011

[eluser]keld[/eluser]
My config file looks like this:

Code:
$config['csrf_protection'] = TRUE;

and when I do view cookies in Firefox I only see 4 cookies:

PHPSESSID
csrf_token_mysite
fbs_135056496568211 (the Facebook connect cookie I believe)
mysite_cookie (cookie I created for users)

That's all, no csfr_cookie unfortunately....

Another CSFR question - El Forum - 05-10-2011

[eluser]InsiteFX[/eluser]
Oops, just saw that you already read this!
CodeIgniter CSRF Protection With Ajax - by Eric Barnes

You're using base_url where Eric uses site_url.

Code:
url: base_url+"mycontroller/myfunction",

InsiteFX

Another CSFR question - El Forum - 05-11-2011

[eluser]keld[/eluser]
Hi InsiteFX, yes Eric is using site_url but I'm using base_url for mine. I know it's working as I'm using this across my entire site, and as soon as I turn off CSRF in config.php, the ajax post works.
Another CSFR question - El Forum - 05-11-2011

[eluser]InsiteFX[/eluser]
If you're using jQuery 1.5, I believe I read on the forums here that there was a bug that was stopping it from working; they had a fix for it. But I am not sure if that's your problem. I'll look around and see what I can come up with.

Found this also

InsiteFX

Another CSFR question - El Forum - 05-11-2011

[eluser]ELRafael[/eluser]
I have a search form using GET instead of POST. Maybe this can help you out.

Code:
$('form#your_form_id').submit(function(e) {

Look at the token var:

Code:
token = $('input[name="ci_csrf_token"]').val();

I'm using jQuery 1.5 (I guess :-S )

The method site->encode_string is something like that:

Code:
$return = array();

Another CSFR question - El Forum - 05-11-2011

[eluser]keld[/eluser]
Hmmmm, I still can't get it to work. This is what I have in my js:

Code:
$('div#star-rating div.rate_widget').each(function(i) {

and my controller:

Code:
if(is_ajax())

The console gives me a 500 server error even before entering the controller; it gets stuck in the post in my js file.

Another CSFR question - El Forum - 05-11-2011

[eluser]ELRafael[/eluser]
IMHO, don't use $.cookie

Try to fetch the token with var token : $('input[name="csrf_token_mysite"]').val(); "unless the $.cookie is ok"

And try to alert the vars, alert(token) and so.

Do you use Firebug? It's a big friend :-)

Try to simplify your procedure, step by step. I'm telling this cuz in a first moment everything seems ok. Without seeing your HTML, it's a little hard to figure out where the problem is. Try pastebin.

Another CSFR question - El Forum - 05-11-2011

[eluser]keld[/eluser]
Yes, I use Firebug, FirePHP and all. When I echo out the vars everything looks fine, even the token value is correct, but it doesn't run the POST; it goes straight to the 'error' part and displays the "Error parsing data. Try again later." error message. As soon as I turn off CSRF, everything works fine again. Does it matter if I'm on localhost? It should I guess.
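
The thread turns on the difference between the CSRF cookie (named by csrf_cookie_name) and the POST field that carries the token (named by csrf_token_name). As an added example, not code from any poster, from Eric Barnes' post or from CodeIgniter, the JavaScript below shows the client copying the cookie's value into the token field, beside a simplified model of the comparison a double-submit check makes. The names csrf_cookie_mysite and csrf_token_mysite and the sample cookie string are assumptions, since the configs posted above are cut off.

```javascript
// Assumed names: the thread's real config values are truncated.
const COOKIE_NAME = 'csrf_cookie_mysite'; // assumed $config['csrf_cookie_name']
const TOKEN_NAME = 'csrf_token_mysite';   // assumed $config['csrf_token_name']

// Parse a document.cookie-style string ("a=1; b=2"); return one value or null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Client side: copy the cookie's value into a POST field named after the token.
// Fails loudly when the cookie is looked up under the wrong name.
function addCsrfField(data, cookieString) {
  const token = readCookie(cookieString, COOKIE_NAME);
  if (token === null) {
    throw new Error('CSRF cookie "' + COOKIE_NAME + '" not found; check csrf_cookie_name');
  }
  return Object.assign({}, data, { [TOKEN_NAME]: token });
}

// Simplified model of the server-side check (not CodeIgniter's source):
// the POST field and the cookie must both be present and carry the same value.
function serverAccepts(post, cookies) {
  const field = post[TOKEN_NAME];
  const cookie = cookies[COOKIE_NAME];
  return typeof field === 'string' && typeof cookie === 'string' &&
         field.length > 0 && field === cookie;
}

// Constructed sample cookie string, shaped like the cookie list in the thread.
const SAMPLE_COOKIES = 'PHPSESSID=abc123; csrf_cookie_mysite=9f2c4e7a1b; mysite_cookie=u42';

function demo() {
  const body = addCsrfField({ rating: '4' }, SAMPLE_COOKIES);
  const serverCookies = { csrf_cookie_mysite: '9f2c4e7a1b' };
  return {
    body,
    ok: serverAccepts(body, serverCookies),                  // token field present
    missing: serverAccepts({ rating: '4' }, serverCookies),  // token field absent
  };
}
```

With jQuery, the object returned by addCsrfField(data, document.cookie) is what would be passed as the data option of the POST.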