Setting csrf_regenerate as TRUE - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5) +--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24) +--- Thread: Setting csrf_regenerate as TRUE (/showthread.php?tid=68558) Pages:
1
2
|
Setting csrf_regenerate as TRUE - june123 - 07-27-2017 I am using CI3. When I set $config['csrf_regenerate'] = TRUE;, after the first request, subsequent ajax requests fail. This is obviously because of the csrf token being regenarated after every request. In the header.php page, I am using Quote:<script type="text/javascript" language="javascript"> Then there is a csrfload.js page, where I am using ajaxSetup function to send the token with every request.. Quote:$(function() { Now how do I change this code to include csrf token generation with every request? Also, setting csrf_regenerate as TRUE may give problem is multiple tabs/windows ? RE: Setting csrf_regenerate as TRUE - Martin7483 - 07-27-2017 Return the new CSRF token in your response and update the CSRF variable in your JavaScript. Remember to always include the CSRF token no matter the status of execution. Both success and fails should return the new CSRF token. RE: Setting csrf_regenerate as TRUE - spjonez - 07-27-2017 Another issue with this setting is you can only ever fire a single AJAX request at a time. Concurrent requests will fail. RE: Setting csrf_regenerate as TRUE - june123 - 07-27-2017 (07-27-2017, 05:52 AM)Martin7483 Wrote: Return the new CSRF token in your response and update the CSRF variable in your JavaScript. Martin, can you please show this with the code i have posted? I am not using concurrent requests, one request at a time will do. RE: Setting csrf_regenerate as TRUE - Martin7483 - 07-27-2017 First I'm asuming you are using jQuery Your AJAX code should have a success and error handler for responses. The controller/method that is called via the AJAX could respond with JSON output Code: $.ajax({ In the called method you could do this PHP Code: $response = array('success'=>TRUE/FALSE); The data argument in function(data) is an object containing what ever you added to the output RE: Setting csrf_regenerate as TRUE - june123 - 07-28-2017 Thanks Martin. I am using jquery. I am giving detailed code here: Quote:$('#project_id').change(function() { The get_department function is below: Quote:public function get_department() Now how do I incorporate your json code with this code ? RE: Setting csrf_regenerate as TRUE - Martin7483 - 07-28-2017 First Why don't you use the PHP function json_encode? Your two foreach loops can be done in 1 foreach and there is no need to create a json string in that manner. Second I'm not going to write the code for you. You have all the pieces of the puzzle, and it shouldn't be that hard to figure out. Looking at your code you should be able to do it But to help you out a bit PHP Code: $departments = array(); RE: Setting csrf_regenerate as TRUE - june123 - 07-28-2017 Thanks Martin for your help and giving some much needed confidence But to be honest, I am not very good with this json/jquery stuff. Thats why I had to stitch up that weird json string. Now I have done this far: Quote:foreach ($loop as $row) Then in ajax part: Quote:$('#project_id').change(function() {Now the next combobox doesnt get populated: Quote:$('#department_id').change(function() { When I checked the console in developer tools(chrome), the following msg comes: Failed to load resource: the server responded with a status of 403 (Forbidden) get_scheme Maybe the ajaxSetup function in csrf.js file is not sending the updated token: $(function() { // Attach csfr data token $.ajaxSetup({ data: csfrData }); }); Kindly guide. RE: Setting csrf_regenerate as TRUE - june123 - 07-28-2017 The csfrData is not being updated. Plese help in resolving this issue. RE: Setting csrf_regenerate as TRUE - Martin7483 - 07-29-2017 First I spotted this on the jQuery website regarding ajaxSetup Set default values for future Ajax requests. Its use is not recommended. If I understand correctly, the use of this function will effect all following AJAX calls. Once it has been declared the values are not updated. So yes, I think this is the problem and you should not use it. Create your own set and get functions for the CSRF PHP Code: <script type="text/javascript" language="javascript"> And from the AJAX call you of course call the setCSRF function with the returned CSRF to update |