Welcome Guest, Not a member yet? Register   Sign In
POST via Ajax returns 403 with CSRF enabled

(04-06-2020, 03:16 PM)Gary Wrote: As far as I'm aware, contentType is a page header field.

I suspect when it arrives in your AJAX submission, it confuses things on the server side because it's not something that's expected.

I don't believe it's supposed to be included. data: is what is submitted to the server, and although there's two or three formats this data: can be, it is ultimately always converted to a query string before it is sent (so the server is only ever expecting this and not a programmer-spec'd contentType).

Yes, CI expects urlencoded, I would swear I did try x-www-form-urlencoded in one of my previous attempts... anyway, here it is the valid Ajax submission, it might help someone in the future:
const sendContactForm = (contactFormData) => {
        type: 'POST',
        url: apiUrl,
        data: contactFormData,
        contentType: 'application/x-www-form-urlencoded; charset=UTF-8',
        headers: {'X-Requested-With': 'XMLHttpRequest'},
        dataType: 'json',
        success: function(result){
        error: function(result){

Thanks you!  Heart

Messages In This Thread
RE: POST via Ajax returns 403 with CSRF enabled - by marcvidalim - 04-08-2020, 02:23 AM

Theme © iAndrew 2016 - Forum software by © MyBB