Hello,
In my CodeIgniter 3.0.3 app I have a page for uploading (using the jquery.fileupload library), listing and deleting images.
In the controller I send the security object:
PHP Code:
$data['security'] = $this->security;
and in the view, in the ajax POST requests, I send parameters from this security object. It works in 1 case and returns a 403 (Forbidden) error in 2 cases:
Deleting an image:
Code:
var post_data = {
    'dp_csrf_tk' : 'a574872384f065fcabf9747d20f9cff3'
};
alert( "post_data::"+var_dump(post_data) ); // This alert shows "post_data::obj.dp_csrf_tk = 6378d5922c14b0ffb43bd1aae135e3e8"
jQuery.ajax({ // returns 403 (Forbidden)
    url: "http://local-displo-wp.com/backend/en/categories/delete_category_image?category_id=" + encodeURIComponent(category_id) + '&image_name='+encodeURIComponent(image_name),
    type: 'POST',
    data: post_data,
    dataType: 'json',
    success: function(result) {
        ....
    }
});
Uploading an image:
Code:
var post_data = {
    '<?php echo $security->get_csrf_token_name(); ?>' : '<?php echo $security->get_csrf_hash(); ?>'
};
alert( "post_data::"+var_dump(post_data) ); // This alert shows "post_data::obj.dp_csrf_tk = 6378d5922c14b0ffb43bd1aae135e3e8"
$('.category_image_fileupload').fileupload( { // returns 403 (Forbidden)
    url: "<?php echo site_url('categories/upload_category_image?category_id') ?>=" + category_id+"&category_name="+encodeURIComponent(category_name),
    data: post_data,
    dataType: 'json',
    done: function (e, data) {
        ...
    },
    progressall: function (e, data) {
        var progress = parseInt(data.loaded / data.total * 100, 10);
        $('#progress .progress-bar').css(
            'width',
            progress + '%'
        );
    }
}).prop('disabled', !$.support.fileInput)
    .parent().addClass($.support.fileInput ? undefined : 'disabled');
Loading the images:
Code:
var post_data = {
    'dp_csrf_tk' : 'c4ac902758cdb8c657c32e11c631ccfc'
};
alert( "post_data::"+var_dump(post_data) ); // This alert shows "post_data::obj.dp_csrf_tk = 856114439a276539dfc0a9617c0eb8ce"
jQuery.ajax({ // all data returns ok
    url: "http://local-displo-wp.com/backend/en/categories/load_category_images?category_id="+category_id+"&category_name="+encodeURIComponent(category_name),
    type: 'POST',
    data: post_data,
    dataType: 'json',
    success: function(result) {
        //alert( "result::"+var_dump(result) )
        if (result.result == 'success') {
            $('#div-category-images').html(result.ret_html);
        }
    }
});
In all 3 cases the ajax request is a "POST" with "json" as the dataType return parameter, with the same csrf array as parameters,
to URL methods of the same controller:
http://local-displo-wp.com/backend/en/categories
I do not see why only the third request works OK but the first 2 return an error?
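
One check for the 403s described above, as an added example that is not part of the original post: CodeIgniter 3 compares the posted token field with its CSRF cookie and, when `csrf_regenerate` is enabled, issues a new value after each accepted POST, so a hash printed into the page can be out of date by the second request. The cookie name `dp_csrf_cookie`, the helper names and the token values are assumptions.

```javascript
// Added example; cookie name and helper names are assumptions, sample values are constructed.
const CSRF_TOKEN_NAME = 'dp_csrf_tk';      // field name shown in the post
const CSRF_COOKIE_NAME = 'dp_csrf_cookie'; // assumed value of $config['csrf_cookie_name']

// Return one cookie's value from a document.cookie-style string, or null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Copy the POST fields and add the token read from the cookie at send time.
function withCsrf(cookieString, fields) {
  const token = readCookie(cookieString, CSRF_COOKIE_NAME);
  if (token === null) throw new Error('CSRF cookie not found: ' + CSRF_COOKIE_NAME);
  return Object.assign({}, fields, { [CSRF_TOKEN_NAME]: token });
}

// Toy model of the server-side check: the posted field must equal the cookie
// value; with regeneration on, every accepted POST issues a new value.
function makeServer(initialToken, regenerate) {
  let current = initialToken;
  let issued = 0;
  return {
    cookie: () => CSRF_COOKIE_NAME + '=' + current,
    post(fields) {
      if (fields[CSRF_TOKEN_NAME] !== current) return 403;
      if (regenerate) current = 'regenerated-' + (++issued);
      return 200;
    },
  };
}

// Two POSTs reuse the token printed into the page; the third reads the cookie.
function demo() {
  const server = makeServer('token-printed-into-page', true);
  const embedded = { [CSRF_TOKEN_NAME]: 'token-printed-into-page' };
  const first = server.post(embedded);   // accepted, token is regenerated
  const second = server.post(embedded);  // rejected, embedded token is stale
  const third = server.post(withCsrf(server.cookie(), { category_id: 5 }));
  return [first, second, third];
}
```

In the page's own calls this would be `data: withCsrf(document.cookie, {})`, which only works if the CSRF cookie is not flagged HttpOnly. jquery.fileupload takes extra POST fields through its `formData` option.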