• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Ajax 403 error

#3
This has been asked many times. On the forum search there are lots of answers to this, I just searched 'ajax' and here are some of the many results:

https://forum.codeigniter.com/thread-683...#pid344934
https://forum.codeigniter.com/thread-685...#pid345687
https://forum.codeigniter.com/thread-686...#pid346124
https://forum.codeigniter.com/thread-688...#pid346964

Basically, when you submit your ajax post request you have to include the CSRF name => token pair too. When you do this, you then need to refresh the new current token either by updating a field somewhere on your page (which your js will read to get it when it is called) or return the new token in your return data, and update the CSRF field in your form.
When you get the hang of it, it is surprisingly straight forward, although as with all things ajax, depending on your usage, there might be other issues such as multiple concurrent requests etc.

Hope that helps,

Paul.

PS I would advise leaving CSRF on. You can disable CSRF for a certain url using the array in the config file, but I only do this if the page is already behind a login authorisation of some sort like for site admins, and your ajax controller checks that the user is authorised. I would not do that though for public users, only trusted site admins.
Reply


Messages In This Thread
Ajax 403 error - by pippuccio76 - 10-18-2017, 12:57 PM
RE: Ajax 403 error - by pippuccio76 - 10-19-2017, 04:05 AM
RE: Ajax 403 error - by PaulD - 10-19-2017, 10:24 AM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.