+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Need Help with CSRF (/showthread.php?tid=60820)
Need Help with CSRF - El Forum - 07-06-2014
[eluser]vincej[/eluser]
Hi - I have the CSRF module turned on. I have a page which makes use of a Scriptaculous function:
Code:
var ajax = new Ajax.Updater(
'ajax_msg','http://localhost/mysite/index.php/welcome/ajax_cart', {method:'post',parameters:params,'csrf_clftoken':cct,onComplete:showMessage}
);Using js alert messages I have managed to establish that the js runs right up to the point where the Ajax. Updater is called.
The code fails at the call. It is not getting to "weclome/ajax_cart" - again I have established this is die() calls.
I capture the CSRF token earlier in the js code with:
Code:
var cct = document.getElementsByName("csrf_clftoken")[0].value;When I run the code I get the classic error message: "An Error Has Been Encountered - The Action You Have Requested is Not Allowed:.
So, my conclusion is that it is failing in the bit: {method:'post,parameters:params,'csrf_clftoken':cct,onComplete
howMessage});
Can anyone offer me any advice on what to do next to get the csrf_token to work in this call ?
Many thanks !!
Need Help with CSRF - El Forum - 07-06-2014
[eluser]jonez[/eluser]
If params is the data you are posting the CSRF token needs to be a key on that object.
Need Help with CSRF - El Forum - 07-06-2014
[eluser]vincej[/eluser]
hey thanks jonez ... can you elaborate a little on your answer. I don't really understand what you are telling me .
cheers !
Need Help with CSRF - El Forum - 07-07-2014
[eluser]jonez[/eluser]
Code:
{method:'post',parameters:params,'csrf_clftoken':cct,onComplete:showMessage}I've never used that script but I'm assuming it should be this:
Code:
params.csrf_clftoken = cct;
var ajax = new Ajax.Updater(
'ajax_msg','http://localhost/mysite/index.php/welcome/ajax_cart', {method:'post',parameters:params,onComplete:showMessage}
);Need Help with CSRF - El Forum - 07-07-2014
[eluser]vincej[/eluser]
Hey Jonez - you are absolutely correct - that s how the orginal script, without the csrf is consructed. However I am terrible at Javascript. This is the complete js function:
Code:
function jsUpdateCart(){
var cct = document.getElementsByName("csrf_clftoken")[0].value;
var parameter_string = '';
allNodes = document.getElementsByClassName("process");
for(i = 0; i < allNodes.length; i++) {
var tempid = allNodes[i].id;
var temp = new Array;
temp = tempid.split("_");
var real_id = temp[2];
var real_value = allNodes[i].value;
parameter_string += real_id +':'+real_value+',' + cct;
}
var params = 'ids='+parameter_string;
var ajax = new Ajax.Updater(
'ajax_msg','http://localhost/mysite/index.php/welcome/ajax_cart', {method:'post',parameters:params,onComplete:showMessage}
);
}So, I need to add the var cct to the parameters. I tried concatenating the cct to the parameter string without success.
Code:
parameter_string += real_id +':'+real_value+',' + cct;So how to I get the cct var to pass to the url through the params.
Sorry I am being such an idiot .
thanks !
Need Help with CSRF - El Forum - 07-07-2014
[eluser]vincej[/eluser]
Ok - got it.
still can't get CSRF to work though.
What I do not understand is that after the AJAX call is executed the page gets reloaded. If I look at the source of that reloaded page, I can see the CSRF token in the page.
Despite that, I still get the error: "An error has occured, The action you have requested is not allowed"
Any ideas what I am doing wrong ?
Thanks !