Welcome Guest, Not a member yet? Register   Sign In
CSRF and ajax submit
#1

[eluser]davdtm[/eluser]
Hello guys, I'm really frozen since a while on the following issue:

1) I'm using CI 2.0 with CSRF enabled

2) I've a form with the CSRF key stored within a hidden field

3) I submit (POST) the form through ajax, by exploiting the jQuery form plugin (running something like: jQuery('#form_id').ajaxSubmit(options))

Now the problem:

if the form action is set as 'http://hostname/domain/...path.../file_to_be_executed.php' everything works beautifully. However, this way I'm running an external php file, so all the CI tools are not available. On another hand, if action is 'http://hostname/domain/index.php/controller_name/controller_function' I get a '500 system error', which is due to the CSRF. In fact, disabling the CSRF I successfully run the controller which is what I'd like to do.

What you suggest to address such issue? I've found the following post

http://ellislab.com/forums/viewthread/125687/

which is very interesting but just suggests some 'double cookie submission' approach, which is surrounded by clouds for me.

Thanks for any help

David
#2

[eluser]davdtm[/eluser]
sorry, I've found the problem.
I've made an error posting a wrong key in the hidden field. This stopped the ajax submission when calling the controller (which runs the csrf check) while the call to external files ALWAYS works because the check is not run in this case.

Davide




Theme © iAndrew 2016 - Forum software by © MyBB