CSRF with fetch API |
See this: https://github.com/codeigniter4/CodeIgni...ssues/2454
Basically, CSRF behavior differs when it detects an AJAX call, but `fetch` calls are indistinguishable from regular HTTP requests. You can work around this by providing the headers with your `fetch` command: fetch(url, { method: "get", headers: { "Content-Type": "application/json", "X-Requested-With": "XMLHttpRequest" } |
Messages In This Thread |
CSRF with fetch API - by Leo - 07-01-2020, 11:04 AM
RE: CSRF with fetch API - by MGatner - 07-07-2020, 10:26 AM
RE: CSRF with fetch API - by Leo - 07-07-2020, 12:51 PM
RE: CSRF with fetch API - by MGatner - 07-07-2020, 04:20 PM
RE: CSRF with fetch API - by Leo - 07-08-2020, 08:41 AM
RE: CSRF with fetch API - by InsiteFX - 07-08-2020, 11:40 AM
|