Disallowed Key Characters

[eluser]vincej[/eluser]
Hi - I am trying to get CSRF to work with an AJAX call. I have researched various forums and methods and everything fails. The only one which gives some promise is this one I found on StackOverflow:

http://stackoverflow.com/questions/73483...rf-problem


The orginal poster added the csrf tokens as a var which does not work for me as I am not using JQuery:

Code:

var post_data = {
        'ansid': valrad,
        '<?php echo $this->security->get_csrf_token_name(); ?>' : '<?php echo $this->security->get_csrf_hash(); ?>'
    };

I am using a Scriptaculous script which needs it added as a parameter. I am no longer gettng the "This Action is Not Allowed" , which is great, but instead I now get "Disallowed Key Characters. Ok, I have tried modifying the allowable key characters inside the core/input.php, but unless I am reading it wrong ":" is allowed. So again I am stumped.

I had to concatenate the ":" to avoid a js error, as seen below.

Code:

var params = 'ids='+parameter_string +'<?php echo $this->security->get_csrf_clftoken(); ?>' +':'+ '<?php echo $this->security->get_csrf_hash(); ?>'  

  var ajax = new Ajax.Updater(
    'ajax_msg','http://localhost/mysite/index.php/welcome/ajax_cart', {method:'post',parameters:params,onComplete:showMessage}
    );

This whole csrf thing in CI is completely killing me.

Any ideas why I am now getting disallowed key characters ??

many thanks !!