v4.5.1 Bug Fix Released
#1

We have just released v4.5.1 bug fix.

This version fixed all reported bugs including TypeError in v4.5.0.
All v4.5.0 users should upgrade immediately.

Other CI4 users are encouraged to upgrade to v4.5.1 after detailed verification.

ChangeLog: https://codeigniter4.github.io/userguide...4.5.1.html
Upgrading Guide: https://codeigniter4.github.io/userguide...e_451.html

Note: Unfortunately, the User Guide on the official site is not yet updated due to deployment trouble.

Important: There is a bug in appstarter v4.5.1. If you install appstarter, please fix the following path.
Code:
--- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@@ -2,7 +2,7 @@
<phpunit
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.5/phpunit.xsd"
-    bootstrap="system/Test/bootstrap.php"
+    bootstrap="vendor/codeigniter4/framework/system/Test/bootstrap.php"
    backupGlobals="false"
    beStrictAboutOutputDuringTests="true"
    colors="true"
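Review bot: The replacement `bootstrap` value on the `+` line hard-codes `vendor/codeigniter4/framework/`, so it only resolves when Composer installs into the default `vendor` directory next to this file; a one-line note for projects with a custom vendor directory would help. The hunk also touches only `phpunit.xml.dist`, so anyone who has already copied it to a local `phpunit.xml` needs to make the same change there.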
Reply
#2

Thank you CodeIgniter Development Team.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#3

Thanks for continuous update.
Reply
#4

Have I found a bug?

I am using datatable library from https://codeigniter4-datatables.hermawan...age/basic/

In my view page
Code:
$('#custTable').DataTable({
    processing: true,
    serverSide: true,
    ajax: '<?= base_url('institute-lists') ?>',
    language: {
        "processing": "Loading. Please wait ..."
    },
    columns: [
        { data: 'name' },
        { data: 'identifier' },
        { data: 'inst_code' },
        { data: 'is_demo' },
    ]
});

In Controller
PHP Code:
public function getInstituteList()
{
    $inst_model = new InstituteModel;

    // Select only the columns the DataTable displays
    $builder = $inst_model->select('name,identifier,inst_code,is_demo');

    return DataTable::of($builder)->toJson(true);
}

In ResponseTrait.php
PHP Code:
// A cookie flagged Secure must not be sent on a non-HTTPS request
if ($cookie->isSecure() && ! $request->isSecure()) {
    throw SecurityException::forDisallowedAction();
}

Getting this error
Code:
institute-list:2254
<br />
<b>Fatal error</b>:  Uncaught CodeIgniter\Security\Exceptions\SecurityException: The action you requested is not allowed. in F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php:673
Stack trace:
#0 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(673): CodeIgniter\Security\Exceptions\SecurityException::forDisallowedAction()
#1 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(663): CodeIgniter\HTTP\Response-&gt;dispatchCookies()
#2 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(374): CodeIgniter\HTTP\Response-&gt;sendCookies()
#3 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\ExceptionHandler.php(83): CodeIgniter\HTTP\Response-&gt;send()
#4 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\Exceptions.php(163): CodeIgniter\Debug\ExceptionHandler-&gt;handle(Object(CodeIgniter\Security\Exceptions\SecurityException), Object(CodeIgniter\HTTP\IncomingRequest), Object(CodeIgniter\HTTP\Response), 403, 1)
#5 [internal function]: CodeIgniter\Debug\Exceptions-&gt;exceptionHandler(Object(CodeIgniter\Security\Exceptions\SecurityException))
#6 {main}
  thrown in <b>F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php</b> on line <b>673</b><br />
<br />
<b>Fatal error</b>:  Uncaught CodeIgniter\Security\Exceptions\SecurityException: The action you requested is not allowed. in F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php:673
Stack trace:
#0 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(673): CodeIgniter\Security\Exceptions\SecurityException::forDisallowedAction()
#1 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(663): CodeIgniter\HTTP\Response-&gt;dispatchCookies()
#2 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(374): CodeIgniter\HTTP\Response-&gt;sendCookies()
#3 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\ExceptionHandler.php(83): CodeIgniter\HTTP\Response-&gt;send()
#4 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\Exceptions.php(163): CodeIgniter\Debug\ExceptionHandler-&gt;handle(Object(ErrorException), Object(CodeIgniter\HTTP\IncomingRequest), Object(CodeIgniter\HTTP\Response), 500, 1)
#5 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\Exceptions.php(252): CodeIgniter\Debug\Exceptions-&gt;exceptionHandler(Object(ErrorException))
#6 [internal function]: CodeIgniter\Debug\Exceptions-&gt;shutdownHandler()
#7 {main}
  thrown in <b>F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php</b> on line <b>673</b><br />

After I modified this code
PHP Code:
// Modified check: skipped when the request is AJAX
if ($cookie->isSecure() && ! $request->isSecure() && ! $request->isAJAX()) {
    throw SecurityException::forDisallowedAction();
}

It works as expected

And if I use the AJAX URL directly, it works normally
Code:
http://localhost:8080/institute-lists?draw=1&columns%5B0%5D%5Bdata%5D=name&columns%5B0%5D%5Bname%5D=&columns%5B0%5D%5Bsearchable%5D=true&columns%5B0%5D%5Borderable%5D=true&columns%5B0%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B0%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B1%5D%5Bdata%5D=identifier&columns%5B1%5D%5Bname%5D=&columns%5B1%5D%5Bsearchable%5D=true&columns%5B1%5D%5Borderable%5D=true&columns%5B1%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B1%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B2%5D%5Bdata%5D=inst_code&columns%5B2%5D%5Bname%5D=&columns%5B2%5D%5Bsearchable%5D=true&columns%5B2%5D%5Borderable%5D=true&columns%5B2%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B2%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B3%5D%5Bdata%5D=is_demo&columns%5B3%5D%5Bname%5D=&columns%5B3%5D%5Bsearchable%5D=true&columns%5B3%5D%5Borderable%5D=true&columns%5B3%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B3%5D%5Bsearch%5D%5Bregex%5D=false&order%5B0%5D%5Bcolumn%5D=0&order%5B0%5D%5Bdir%5D=asc&start=0&length=10&search%5Bvalue%5D=&search%5Bregex%5D=false&_=1713534972736
Reply
#5

@LP_bnss No, you have a security misconfiguration.
Your configuration is not secure, so CI4 throws the exception.
Don't use the modified code. Fix your configuration.
Reply
#6

(04-20-2024, 05:36 PM)kenjis Wrote: @LP_bnss No, you have a security misconfiguration.
Your configuration is not secure, so CI4 throws the exception.
Don't use the modified code. Fix your configuration.


But why does it throw the exception? In the DataTable AJAX call [ the method would be "GET" and X-CSRF-TOKEN has been added to the request header from the ajax prefilter function ]

See my code
  • Tried multiple times to get the expected response from the server
  • That's why some lines were commented
Code:
$(document).ready(function () {
        $.ajaxPrefilter(function (options, originalOptions, jqXHR) {
            jqXHR.setRequestHeader('X-CSRF-Token', $('meta[name="X-CSRF-TOKEN"]').attr('content'));
        });

        $('#custTable').DataTable({
            processing: true,
            serverSide: true,
            // ajax: {
            //    // beforeSend: function (xhr) {
            //    //    xhr.setRequestHeader('X-CSRF-TOKEN', $('meta[name="X-CSRF-TOKEN"]').attr('content'));
            //    // },
            //    url: '<?= base_url('institute-lists') ?>',
            //    // type: "POST",
            //    type: "GET",
            //    // headers: {
            //    //    "Content-Type": "application/json",
            //    //    'X-Requested-With': 'XMLHttpRequest'
            //    // },
            //    // data: function (data) {
            //    //    // CSRF Hash
            //    //    var csrfName = "<?= csrf_token() ?>"; // CSRF Token name
            //    //    var csrfHash = $('meta[name="X-CSRF-TOKEN"]').attr('content'); // CSRF hash

            //    //    console.log({
            //    //        ...data,
            //    //        [csrfName]: csrfHash // CSRF Token
            //    //    });
            //    //    return {
            //    //        ...data,
            //    //        [csrfName]: csrfHash // CSRF Token
            //    //    };
            //    // },
            //    // dataSrc: function (data) {

            //    //    // Update token hash
            //    //    $('meta[name="X-CSRF-TOKEN"]').attr('content',data.token);

            //    //    // Datatable data
            //    //    return data.aaData;
            //    // },

            //    success: function (response) {
            //        console.log(response);
            //    },
            //    error: function (response) {
            //        console.error(response);
            //    }
            // },
            ajax: {
                url: '<?= base_url('institute-lists') ?>',
                // method:'POST',
                // data: function (data) {
                //    // CSRF Hash
                //    var csrfName = "<?= csrf_token() ?>"; // CSRF Token name
                //    var csrfHash = $('meta[name="X-CSRF-TOKEN"]').attr('content'); // CSRF hash

                //    console.log({
                //        ...data,
                //        [csrfName]: csrfHash // CSRF Token
                //    });
                //    return {
                //        ...data,
                //        [csrfName]: csrfHash // CSRF Token
                //    };
                // },
                error: function (response) {
                    console.error(response.responseText);
                }
            },
            // ajax: '<?= base_url('institute-lists') ?>',
            language: {
                "processing": "Loading. Please wait ..."
            },
            columns: [
                { data: 'name' },
                { data: 'identifier' },
                { data: 'inst_code' },
                { data: 'is_demo' },
            ]
        });


    })

Help me to solve this issue I am facing
Reply
#7

(This post was last modified: 04-21-2024, 04:59 PM by kenjis.)

@LP_bnss The exception message is not good. I sent a PR to fix it.
https://github.com/codeigniter4/CodeIgniter4/pull/8818
Do you get what's wrong?
Reply
#8

(04-21-2024, 04:59 PM)kenjis Wrote: @LP_bnss The exception message is not good. I sent a PR to fix it.
https://github.com/codeigniter4/CodeIgniter4/pull/8818
Do you get what's wrong?

Why is my request not secure when it comes from the AJAX call in the DataTable?

After I modified the ResponseTrait.php file

PHP Code:
// Modified check: skipped when the request is AJAX
if ($cookie->isSecure() && ! $request->isSecure() && ! $request->isAJAX()) {
    throw SecurityException::forDisallowedAction();
}

The CI-datatable library then works properly; otherwise it gets error status code 500 "Internal Server Error"
  • The AJAX request method from the DataTable is "GET", so why is the request not secure?
  • If I use the "POST" method, then I add CSRF in the request header "X-Csrf-Header"

Both methods get an error. Why?

I don't know what to do.

See this thread https://forum.codeigniter.com/showthread...#pid418015 for reference
Reply
#9

(04-23-2024, 12:42 AM)LP_bnss Wrote: Why is my request not secure when it comes from the AJAX call in the DataTable?

If you don't use HTTPS, your request is not secure.
Reply
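
The check discussed in posts #4 to #9, as an added example that is not part of any post and is not CodeIgniter code: a stand-alone model of the original rule, the modified rule from the thread, and one configuration-side alternative. The array shapes, function names, the cookie name and the `secureFlagFor` helper are hypothetical; the requests are constructed samples.

```php
<?php
// Added example, not CodeIgniter code: array shapes and function names are hypothetical.

// Rule quoted from ResponseTrait.php: refuse a Secure cookie on a non-HTTPS request.
function blocksCookie(array $cookie, array $request): bool
{
    return $cookie['secure'] && ! $request['https'];
}

// The thread's modified rule: the same guard, switched off for AJAX requests.
function blocksCookiePatched(array $cookie, array $request): bool
{
    // "AJAX" is detected from a header that the client decides to send (assumed model).
    $isAjax = strtolower($request['headers']['X-Requested-With'] ?? '') === 'xmlhttprequest';

    return $cookie['secure'] && ! $request['https'] && ! $isAjax;
}

// One configuration-side fix (assumption): Secure only when the base URL is HTTPS.
function secureFlagFor(string $baseURL): bool
{
    return parse_url($baseURL, PHP_URL_SCHEME) === 'https';
}

// Constructed sample requests against a plain-HTTP development server.
$requests = [
    'page load over HTTP'          => ['https' => false, 'headers' => []],
    'DataTables call over HTTP'    => ['https' => false, 'headers' => ['X-Requested-With' => 'XMLHttpRequest']],
    'any client adding the header' => ['https' => false, 'headers' => ['X-Requested-With' => 'xmlhttprequest']],
];

$misconfigured = ['name' => 'example_cookie', 'secure' => true];
$aligned       = ['name' => 'example_cookie', 'secure' => secureFlagFor('http://localhost:8080/')];

foreach ($requests as $label => $request) {
    printf(
        "%-30s original=%-5s patched=%-5s aligned-config=%s\n",
        $label,
        blocksCookie($misconfigured, $request) ? 'block' : 'send',
        blocksCookiePatched($misconfigured, $request) ? 'block' : 'send',
        blocksCookie($aligned, $request) ? 'block' : 'send'
    );
}
```

With the Secure flag forced on, the modified rule sends the cookie over plain HTTP for every request that carries the header, while the original rule keeps blocking. When the flag matches the scheme actually served, the unmodified rule passes on the development server without being weakened.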
#10

(04-23-2024, 01:48 AM)kenjis Wrote:
(04-23-2024, 12:42 AM)LP_bnss Wrote: Why is my request not secure when it comes from the AJAX call in the DataTable?

If you don't use HTTPS, your request is not secure.

But my project is in the development stage, so how can I use all features on localhost?
After my project has been moved to the server, the request will be in HTTPS from end to end.

My suggestion
  • If ENVIRONMENT is development on localhost, why do we need HTTPS?

If HTTPS is a must for secure requests on localhost (development stage), how can I use the serverSide-enabled DataTable?
Also, how do I create an SSL certificate for CodeIgniter 4 (installed from Composer) on localhost?

Help me to solve this
Reply