![]() |
[resolved] CSRF issue when ajax functions and normal forms are used on the same page - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5) +--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24) +--- Thread: [resolved] CSRF issue when ajax functions and normal forms are used on the same page (/showthread.php?tid=77648) |
[resolved] CSRF issue when ajax functions and normal forms are used on the same page - kilden - 09-30-2020 Hello everyone ! I've got a problem with csrf reloads that break my mind : I've got ajax-functions (for exemple an input field that updates a database) and form-submit-buttons (for exemple a button that delete a line in a database) on the same page... - my ajax functions work very well when I click only on them (csrf hash changes each time ajax is called) - my simple forms/submit-buttons work very well also when I click only on them (csrf hash changes each time the page refreshes) But when I mix them: if I call ajax functions and then a simple form, I always have to click two time on my submit buttons so that my action is applied, although csrf number change all the time... I don't know how to resolve this issue because I don't even understand what could be the problem... ! ![]() If someone has an idea... ![]() RE: CSRF issue when ajax functions and normal forms are used on the same page - InsiteFX - 10-01-2020 You can try this. How to Send AJAX request with CSRF token in CodeIgniter 4 RE: CSRF issue when ajax functions and normal forms are used on the same page - kilden - 10-01-2020 (10-01-2020, 12:39 PM)InsiteFX Wrote: You can try this. Thank you, but as I said, I've already succeeded in sending AJAX request with CSRF token... My problem comes when I did an Ajax request and then want to submit a traditional form (that I do with the function form_open()... So there is also a CSRF token...) : I necessary have to reload the page so that the form works... RE: CSRF issue when ajax functions and normal forms are used on the same page - InsiteFX - 10-01-2020 The Ajax is most likely taking the focus away from the page try to put the focus back on the page using JavaScript. RE: CSRF issue when ajax functions and normal forms are used on the same page - kilden - 10-02-2020 I'm not sure but I think it didn't work. It's always like this : 1- I enter in my input (text) and take the focus 2- I type some text that making ajax request and updating my database 3- If I click then on a submit button (without ajax but also with CSRF), it reloads the page without making the action... 4- I have to re-click on the submit button so that the form works. (It is as if an ajax call with CSRF on CI4 desactivates traditional form) I've tried to make a focus on an element of my page when I focusout the inputs... ( $(window).focus(); $('body').focus(); ) without success. RE: CSRF issue when ajax functions and normal forms are used on the same page - InsiteFX - 10-02-2020 Try to set the focus on the body of the page (body) or (html). You could also try to set the focus on the form itself. RE: CSRF issue when ajax functions and normal forms are used on the same page - nc03061981 - 10-02-2020 I think CSRF only generate new for very submit POST or Ajax POST. If submit GET or Ajax GET, CSRF = last generate and can get it from cookie When you ajax post, CSRF will generate new and different with current CSRF, so you need update current CSRF with new. RE: CSRF issue when ajax functions and normal forms are used on the same page - kilden - 10-02-2020 Ok... I've finally found it ! It was not a question of focus... When we use the function form_open(), CI4 automatically creates an hidden file with CSRF tokens... So you just need to update the hidden input with current CSRF coming from ajax. I did something like : $("input[name='csrf_token']").val(csrf); Thank you anyway for the help :-) |