CodeIgniter Forums
[SOLVED] csrf protection issue - Printable Version




[SOLVED] csrf protection issue - yiujia - 04-30-2018

Hello,

I'm using CodeIgniter 3.1.8 and my site uses HTTPS.

I looked at many solutions for this issue, but the solutions I found don't work.

I try to do an ajax post but csrf protection blocks me (403 error).

I have the hidden input with csrf name and hash value. I update the hash value on every request.

I send the good value by ajax json (hash value sent == cookie hash value).

I have the config csrf protection and regenerate set to TRUE.

When I set csrf protection to FALSE, my ajax request works.

Can you help me? I have spent so many hours trying to solve this issue...

Thanks, and sorry for my bad English.


RE: csrf protection issue - InsiteFX - 05-01-2018

This has been asked many times


RE: csrf protection issue - yiujia - 05-01-2018

Like I said, I already applied this solution but I keep having the same problem: error 403.


RE: csrf protection issue - InsiteFX - 05-01-2018

Did you bring up your developer tools F12 in your web browser to see what's happening?

It should tell you what's causing the error.


RE: csrf protection issue - yiujia - 05-01-2018

Yes, I verified I sent the good data and got the 403 error. Hmm, I think I will deactivate csrf and simulate the csrf token with a hook.


RE: csrf protection issue - dave friend - 05-01-2018

(05-01-2018, 11:22 AM)yiujia Wrote: Yes, I verified I sent the good data and got the 403 error. Hmm, I think I will deactivate csrf and simulate the csrf token with a hook.

Poor choice.

The solution is not that complicated. Read the link (and the links in it) that @InsiteFX posted. All the wisdom you need is there.


RE: csrf protection issue - yiujia - 05-02-2018

OK, after adding some log messages to the security class, I found the problem.

When I tried to send the data in the form of JSON.stringify, $_POST is empty.
So I build the data like this: "field_name=" + field_name_value + "&field_name2=" + field_name2_value and so on.

Thanks for your help.
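
The fix described in the post above, as an added example that is not part of the original thread: PHP only fills $_POST from a form-encoded body, and CodeIgniter 3 compares the CSRF field in $_POST with the CSRF cookie, so a JSON body always fails the check. This version also URL-encodes each value, which plain string concatenation does not. The token and cookie names are the CodeIgniter 3 defaults and are assumptions here, as is a CSRF cookie that JavaScript can read (cookie_httponly set to FALSE).

```javascript
// Added example. Names are assumed CodeIgniter 3 defaults, not values from the thread.
var CSRF_TOKEN_NAME = 'csrf_test_name';    // $config['csrf_token_name']
var CSRF_COOKIE_NAME = 'csrf_cookie_name'; // $config['csrf_cookie_name']

// Return the value of one cookie from a document.cookie-style string, or null.
function readCookie(cookieString, name) {
  var parts = cookieString.split(';');
  for (var i = 0; i < parts.length; i++) {
    var pair = parts[i].replace(/^\s+/, '');
    var eq = pair.indexOf('=');
    if (eq !== -1 && pair.slice(0, eq) === name) {
      return decodeURIComponent(pair.slice(eq + 1));
    }
  }
  return null;
}

// Encode one key or value the way an HTML form does (space becomes "+").
function formEncode(s) {
  return encodeURIComponent(String(s)).replace(/%20/g, '+');
}

// Build an application/x-www-form-urlencoded body that PHP parses into $_POST,
// with the current CSRF hash appended under the token name.
function buildFormBody(fields, csrfHash) {
  var out = [];
  for (var key in fields) {
    if (Object.prototype.hasOwnProperty.call(fields, key)) {
      out.push(formEncode(key) + '=' + formEncode(fields[key]));
    }
  }
  out.push(formEncode(CSRF_TOKEN_NAME) + '=' + formEncode(csrfHash));
  return out.join('&');
}

// Browser-only: POST the fields. The hash is re-read from the cookie on every
// call because csrf_regenerate = TRUE issues a new one after each POST.
function postForm(url, fields, onDone) {
  var xhr = new XMLHttpRequest();
  xhr.open('POST', url, true);
  xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
  xhr.onload = function () { onDone(xhr.status, xhr.responseText); };
  xhr.send(buildFormBody(fields, readCookie(document.cookie, CSRF_COOKIE_NAME)));
}
```

If the CSRF cookie is HttpOnly, pass the hash from the hidden input to buildFormBody instead of reading the cookie.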


RE: [SOLVED] csrf protection issue - dave friend - 05-03-2018

If you are using jQuery then the function .serializeArray() is very useful for gathering field values.
If you prefer using pure JavaScript then FormData is your friend.

Either way, you collect all the input values with very few lines of code.


RE: [SOLVED] csrf protection issue - yiujia - 05-03-2018

I try to use pure JavaScript only.
Hmm, I already saw FormData but there are limitations for browser compatibility.

I have just begun to replace jQuery with pure JavaScript.

Thanks