CodeIgniter Forums
[resolved] CSRF issue when ajax functions and normal forms are used on the same page - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forum-5.html)
+--- Forum: General Help (https://forum.codeigniter.com/forum-24.html)
+--- Thread: [resolved] CSRF issue when ajax functions and normal forms are used on the same page (/thread-77648.html)



[resolved] CSRF issue when ajax functions and normal forms are used on the same page - kilden - 09-30-2020

Hello everyone !

I've got a problem with csrf reloads that break my mind :
I've got ajax-functions (for exemple an input field that updates a database) and form-submit-buttons (for exemple a button that delete a line in a database) on the same page... 

- my ajax functions work very well when I click only on them (csrf hash changes each time ajax is called)
- my simple forms/submit-buttons work very well also when I click only on them (csrf hash changes each time the page refreshes)

But when I mix them: if I call ajax functions and then a simple form, I always have to click two time on my submit buttons so that my action is applied, although csrf number change all the time...

I don't know how to resolve this issue because I don't even understand what could be the problem... !  Confused
If someone has an idea...  Idea


RE: CSRF issue when ajax functions and normal forms are used on the same page - InsiteFX - 10-01-2020

You can try this.

How to Send AJAX request with CSRF token in CodeIgniter 4


RE: CSRF issue when ajax functions and normal forms are used on the same page - kilden - 10-01-2020

(10-01-2020, 12:39 PM)InsiteFX Wrote: You can try this.

How to Send AJAX request with CSRF token in CodeIgniter 4

Thank you, but as I said, I've already succeeded in sending AJAX request with CSRF token... My problem comes when I did an Ajax request and then want to submit a traditional form (that I do with the function form_open()... So there is also a CSRF token...) : I necessary have to reload the page so that the form works...


RE: CSRF issue when ajax functions and normal forms are used on the same page - InsiteFX - 10-01-2020

The Ajax is most likely taking the focus away from the page try to put the focus back on the
page using JavaScript.


RE: CSRF issue when ajax functions and normal forms are used on the same page - kilden - 10-02-2020

I'm not sure but I think it didn't work. It's always like this :

1- I enter in my input (text) and take the focus
2- I type some text that making ajax request and updating my database
3- If I click then on a submit button (without ajax but also with CSRF), it reloads the page without making the action...
4- I have to re-click on the submit button so that the form works. (It is as if an ajax call with CSRF on CI4 desactivates traditional form)

I've tried to make a focus on an element of my page when I focusout the inputs... ( $(window).focus(); $('body').focus(); ) without success.


RE: CSRF issue when ajax functions and normal forms are used on the same page - InsiteFX - 10-02-2020

Try to set the focus on the body of the page (body) or (html).

You could also try to set the focus on the form itself.


RE: CSRF issue when ajax functions and normal forms are used on the same page - nc03061981 - 10-02-2020

I think CSRF only generate new for very submit POST or Ajax POST.
If submit GET or Ajax GET, CSRF = last generate and can get it from cookie

When you ajax post, CSRF will generate new and different with current CSRF, so you need update current CSRF with new.


RE: CSRF issue when ajax functions and normal forms are used on the same page - kilden - 10-02-2020

Ok... I've finally found it ! It was not a question of focus...

When we use the function form_open(), CI4 automatically creates an hidden file with CSRF tokens... So you just need to update the hidden input with current CSRF coming from ajax. I did something like : $("input[name='csrf_token']").val(csrf);

Thank you anyway for the help :-)