Welcome Guest, Not a member yet? Register   Sign In
CSRF and ajax submit
#1

[eluser]davdtm[/eluser]
Hello guys, I'm really frozen since a while on the following issue:

1) I'm using CI 2.0 with CSRF enabled

2) I've a form with the CSRF key stored within a hidden field

3) I submit (POST) the form through ajax, by exploiting the jQuery form plugin (running something like: jQuery('#form_id').ajaxSubmit(options))

Now the problem:

if the form action is set as 'http://hostname/domain/...path.../file_to_be_executed.php' everything works beautifully. However, this way I'm running an external php file, so all the CI tools are not available. On another hand, if action is 'http://hostname/domain/index.php/controller_name/controller_function' I get a '500 system error', which is due to the CSRF. In fact, disabling the CSRF I successfully run the controller which is what I'd like to do.

What you suggest to address such issue? I've found the following post

http://ellislab.com/forums/viewthread/125687/

which is very interesting but just suggests some 'double cookie submission' approach, which is surrounded by clouds for me.

Thanks for any help

David


Messages In This Thread
CSRF and ajax submit - by El Forum - 01-12-2011, 09:47 AM
CSRF and ajax submit - by El Forum - 01-13-2011, 02:25 AM



Theme © iAndrew 2016 - Forum software by © MyBB