Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help Setting csrf_regenerate as TRUE
Setting csrf_regenerate as TRUE
  • Offline june123
    Junior Member
  • **
  • Posts: 27
    Threads: 9
    Joined: Jun 2016
    Reputation: 0
#11
07-31-2017, 12:19 AM

Thanks Martin for your help. I am posting the solution in case someone needs it:

PHP Code:
$('#department_id').change(function() {

    var department_id=$("#department_id").val();
    var domain=$("#domain").val(); 
            
    $.ajax({
        'async'true,
        'type'"POST",
                urldomain "index.php/project/get_scheme",
                data: {department_iddepartment_idcsrf_test_namecsfrData.csrf_test_name},
                dataType'json',
                success
                function(j){
            
                  setCSRF(j.csrfTokenNamej.csrfTokenHash);

                  if(j.schemes.length >= 2) {
                    var options '';
                    for (var 0<= (j.schemes.length-1); i++) {
                            options += '<option value="' j.schemes[i].id '">' j.schemes[i].name '</option>';
                    }
                    $("#scheme_id").html(options);
                    $('#scheme_id option:first').prop('selected''selected');
                  }
                  else if (j.schemes.length == 1){
             
                   options += '<option value="' j.schemes[0].id '">' '------------------------------------' '</option>';
                    $("#scheme_id").html(options);
                    $('#scheme_id option:first').prop('selected''selected');
                  }
                  else{
                    $("#scheme_id").val(j.schemes[1].id);alert(j.schemes.length);
                               
            }
          });
  
   }); 

Like this, other drop-down boxes are filled up through ajax call. 

Now when I try to submit the form, again "Action you have requested is not allowed" message comes up. The hidden csrf field generated by form_open doesnt get updated with the latest csrf token value.
Reply
  • Offline Martin7483
    Crossfire CMS
  • ****
  • Posts: 373
    Threads: 14
    Joined: Sep 2015
    Reputation: 20
#12
07-31-2017, 12:38 AM

(07-31-2017, 12:19 AM)june123 Wrote: Like this, other drop-down boxes are filled up through ajax call. 

Now when I try to submit the form, again "Action you have requested is not allowed" message comes up. The hidden csrf field generated by form_open doesnt get updated with the latest csrf token value.

Just like with the AJAX call you will need to update the CSRF token field and value with the latest CSRF.
You can append a hidden field with the new value, and remove the old one when you hit the submit button
Reply




Theme © iAndrew 2016 - Forum software by © MyBB