hii i just try to make csrf regenrate in ajax request is this the right way??
add <?php echo csrf_meta(); ?> in head tag
and in every response must include csrf_hash();
return $this->response->setJSON(['status' => true, 'message' => 'Hello World', 'csrf' => csrf_hash()]);
Code:
<script type="text/javascript">
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS)$/.test(method));
}
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("<?php echo csrf_header(); ?>", $('meta[name="<?php echo csrf_header(); ?>"]').attr('content'));
}
}
});
$(document).ajaxComplete(function (event, xhr, settings) {
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
let response = JSON.parse(xhr.responseText);
$('meta[name="<?php echo csrf_header(); ?>"]').attr('content', response.csrf);
}
});
</script>
