Ajax - CSRF - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: Ajax - CSRF (/showthread.php?tid=43252) |
Ajax - CSRF - El Forum - 07-05-2011 [eluser]Ondrej[/eluser] Hey there, I've tried searching through this forum, but I wasn't able to find an answer that would work. I'm working on back-office app and I would like to make a simple list of added news entries with a quick preview when you click on corresponding entry title. Here's the jQuery code: Code: //$(selector).hover(callbackIn, callbackOut); I can't get it to work with CSRF protection on, no matter which solution I try. If I switch it off, everything works flawlessly. Any ideas? Thanks in advance. Ajax - CSRF - El Forum - 07-05-2011 [eluser]InsiteFX[/eluser] by Eric Barnes - CodeIgniter CSRF Protection With Ajax InsiteFX Ajax - CSRF - El Forum - 07-06-2011 [eluser]Ondrej[/eluser] [quote author="InsiteFX" date="1309923346"]by Eric Barnes - CodeIgniter CSRF Protection With Ajax InsiteFX[/quote] I've already tried that, without any success. On a side-note, when is the CSRF cookie actually set? I think that might be the problem. Ondrej Ajax - CSRF - El Forum - 07-06-2011 [eluser]InsiteFX[/eluser] I think there is another post here on the forums that shows how to do it using a hidden form field. Code: <input type="hidden" name="<?php echo $this->security->csrf_token_name?>" value="<?php echo $this->security->csrf_hash?>" /> InsiteFX Ajax - CSRF - El Forum - 07-06-2011 [eluser]Ondrej[/eluser] [quote author="InsiteFX" date="1309968649"]I think there is another post here on the forums that shows how to do it using a hidden form field. Code: <input type="hidden" name="<?php echo $this->security->csrf_token_name?>" value="<?php echo $this->security->csrf_hash?>" /> InsiteFX[/quote] Thanks, that did trick; however, I checked Security library and both properties are protected, but there are accessor methods which do the job. I did this: Code: <input type="hidden" value="<?php echo $this->security->get_csrf_hash() ?>" id="csrf_protection" /> And the array I sent through jQuery: Code: var ajaxPostData = { Thanks a lot for help, I'm out. Ondrej Ajax - CSRF - El Forum - 07-06-2011 [eluser]Ondrej[/eluser] One more thing, I didn't want to make a new thread: How do I "reverse" url_title() method? That is, once I get pretty-looking URL, how can I extract the original title from the url? For example: http://randomwebsite/blog/Boring-blog-entry -> Boring blog entry Ajax - CSRF - El Forum - 07-06-2011 [eluser]InsiteFX[/eluser] I would save the original in a variable or in the session. Then call it back when needed. InsiteFX Ajax - CSRF - El Forum - 07-30-2011 [eluser]SPeed_FANat1c[/eluser] It sucks a little to repeat the same line in javascript when we want to post data. Isn't there some automatic way - when we use ajax post method - to automatically include ci_csrf_token into data? one solution comes to my head would be to write a function something like this: pseudocode: Code: function my_post(url, success_callback, post_data) what do you think? Or is there better solutions? |