[SOLVED] csrf protection issue
#1

(This post was last modified: 05-02-2018, 07:35 PM by yiujia.)

Hello,

I'm using CodeIgniter 3.1.8 and my site is on HTTPS.

I looked at many solutions for this issue, but the solutions I found don't work.

I'm trying to do an AJAX POST, but CSRF protection blocks me (403 error).

I have the hidden input with csrf name and hash value. I update the hash value on every request.

I send the good value by ajax json (hash value sent == cookie hash value).

I have the config csrf protection and regenerate set to TRUE.

When I set csrf protection to FALSE, my ajax request works.

Can you help me? I spent so many hours trying to solve this issue...

Thanks and sorry for my bad English.
Reply
#2

This has been asked many times
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#3

Like I said, I already applied this solution but I keep having the same problem: error 403.
Reply
#4

Did you bring up your developer tools F12 in your web browser to see what's happening?

It should tell you what's causing the error.
Reply
#5

Yes, I verified I sent the good data and get the 403 error. Hmm, I think I will deactivate csrf and simulate the csrf token with a hook.
Reply
#6

(05-01-2018, 11:22 AM)yiujia Wrote: Yes, I verified I sent the good data and get the 403 error. Hmm, I think I will deactivate csrf and simulate the csrf token with a hook.

Poor choice.

The solution is not that complicated. Read the link (and the links in it) that @insitefFX posted. All the wisdom you need is there.
Reply
#7

OK, after adding some log messages to the Security class, I found the problem.

When I tried to send data in the form of JSON.stringify, $_POST was empty.
So I build the data like this: "field_name=" + field_name_value + "&field_name2=" + field_name2_value and so on.

Thanks for your help.
Reply
#8

If you are using jQuery then the function .serializeArray() is very useful for gathering field values.
If you prefer using pure JavaScript then FormData is your friend.

Either way, you collect all the input values with very few lines of code.
Reply
#9

I try to use pure JavaScript only.
Hmm, I already saw FormData but there are limitations for browser compatibility.

I have just begun to replace jQuery with pure JavaScript.

Thanks
Reply
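What post #7 found and the fix it settled on, as an added example that is not code from any poster in this thread: a JSON body leaves PHP's $_POST empty, so the CSRF token never reaches the check, while a form-encoded body does. The server side is a simplified model written in JavaScript, and the token name, sample hash and field values are assumptions constructed for the example.

```javascript
// Added example. Names and sample values are constructed for illustration.
const TOKEN_NAME = 'csrf_test_name'; // assumed: use your configured csrf_token_name

// Client side: build an application/x-www-form-urlencoded body.
// URLSearchParams percent-encodes names and values, which a hand-built
// "a=" + x + "&b=" + y string does not.
function buildFormBody(fields, tokenName, tokenHash) {
  const params = new URLSearchParams();
  for (const [name, value] of Object.entries(fields)) params.append(name, value);
  params.append(tokenName, tokenHash);
  return params.toString();
}

// Simplified model of the server: PHP fills $_POST only for form-encoded
// bodies (multipart is omitted here); a JSON body leaves it empty.
function phpPost(contentType, body) {
  if (!contentType.startsWith('application/x-www-form-urlencoded')) return {};
  return Object.fromEntries(new URLSearchParams(body));
}

// Simplified model of the CSRF check: the token must be present in $_POST
// and equal the cookie value, otherwise the request is answered with 403.
function csrfStatus(post, cookieHash, tokenName) {
  const sent = post[tokenName];
  return typeof sent === 'string' && sent === cookieHash ? 200 : 403;
}

function demo() {
  const hash = '0123456789abcdef0123456789abcdef'; // constructed sample hash
  const fields = { title: 'Q&A = fun', comment: 'a+b c' };
  const formType = 'application/x-www-form-urlencoded';

  const jsonBody = JSON.stringify({ ...fields, [TOKEN_NAME]: hash });
  const formBody = buildFormBody(fields, TOKEN_NAME, hash);
  // Unencoded concatenation: the "&" inside the value splits the field.
  const naiveBody = 'title=' + fields.title + '&' + TOKEN_NAME + '=' + hash;

  return {
    json: csrfStatus(phpPost('application/json', jsonBody), hash, TOKEN_NAME),
    form: csrfStatus(phpPost(formType, formBody), hash, TOKEN_NAME),
    formTitle: phpPost(formType, formBody).title,
    naiveTitle: phpPost(formType, naiveBody).title,
  };
}

console.log(demo());
```

In the browser, pass the string from `buildFormBody` as the request body with the `Content-Type: application/x-www-form-urlencoded` header, and read the token hash from the hidden input on each request because regeneration changes it.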