Ajax - CSRF |
[eluser]Ondrej[/eluser]
Hey there, I've tried searching through this forum, but I wasn't able to find an answer that would work. I'm working on back-office app and I would like to make a simple list of added news entries with a quick preview when you click on corresponding entry title. Here's the jQuery code: Code: //$(selector).hover(callbackIn, callbackOut); I can't get it to work with CSRF protection on, no matter which solution I try. If I switch it off, everything works flawlessly. Any ideas? Thanks in advance.
[eluser]Ondrej[/eluser]
[quote author="InsiteFX" date="1309923346"]by Eric Barnes - CodeIgniter CSRF Protection With Ajax InsiteFX[/quote] I've already tried that, without any success. On a side-note, when is the CSRF cookie actually set? I think that might be the problem. Ondrej
[eluser]InsiteFX[/eluser]
I think there is another post here on the forums that shows how to do it using a hidden form field. Code: <input type="hidden" name="<?php echo $this->security->csrf_token_name?>" value="<?php echo $this->security->csrf_hash?>" /> InsiteFX
[eluser]Ondrej[/eluser]
[quote author="InsiteFX" date="1309968649"]I think there is another post here on the forums that shows how to do it using a hidden form field. Code: <input type="hidden" name="<?php echo $this->security->csrf_token_name?>" value="<?php echo $this->security->csrf_hash?>" /> InsiteFX[/quote] Thanks, that did trick; however, I checked Security library and both properties are protected, but there are accessor methods which do the job. I did this: Code: <input type="hidden" value="<?php echo $this->security->get_csrf_hash() ?>" id="csrf_protection" /> And the array I sent through jQuery: Code: var ajaxPostData = { Thanks a lot for help, I'm out. Ondrej
[eluser]Ondrej[/eluser]
One more thing, I didn't want to make a new thread: How do I "reverse" url_title() method? That is, once I get pretty-looking URL, how can I extract the original title from the url? For example: http://randomwebsite/blog/Boring-blog-entry -> Boring blog entry
[eluser]InsiteFX[/eluser]
I would save the original in a variable or in the session. Then call it back when needed. InsiteFX
[eluser]SPeed_FANat1c[/eluser]
It sucks a little to repeat the same line in javascript when we want to post data. Isn't there some automatic way - when we use ajax post method - to automatically include ci_csrf_token into data? one solution comes to my head would be to write a function something like this: pseudocode: Code: function my_post(url, success_callback, post_data) what do you think? Or is there better solutions? |
Welcome Guest, Not a member yet? Register Sign In |