CSRF and ajax submit |
[eluser]davdtm[/eluser]
Hello guys, I'm really frozen since a while on the following issue: 1) I'm using CI 2.0 with CSRF enabled 2) I've a form with the CSRF key stored within a hidden field 3) I submit (POST) the form through ajax, by exploiting the jQuery form plugin (running something like: jQuery('#form_id').ajaxSubmit(options)) Now the problem: if the form action is set as 'http://hostname/domain/...path.../file_to_be_executed.php' everything works beautifully. However, this way I'm running an external php file, so all the CI tools are not available. On another hand, if action is 'http://hostname/domain/index.php/controller_name/controller_function' I get a '500 system error', which is due to the CSRF. In fact, disabling the CSRF I successfully run the controller which is what I'd like to do. What you suggest to address such issue? I've found the following post http://ellislab.com/forums/viewthread/125687/ which is very interesting but just suggests some 'double cookie submission' approach, which is surrounded by clouds for me. Thanks for any help David |
Messages In This Thread |
CSRF and ajax submit - by El Forum - 01-12-2011, 09:47 AM
CSRF and ajax submit - by El Forum - 01-13-2011, 02:25 AM
|