Ajax call results in 403 Forbidden error
When I try to receive some data (non-cross-domain) by using ajax on a controller/method the result is always 403 Forbidden. I am able to access that page myself from within my browser without any problems.
I've tried a lot of different things like trying to send post data or using a different browser. I've also removed the 'No direct script access allowed' but it gives me the same result. By using various search engines I came up with some similar problems. But none of them had a clear answer to the problem. I'd like to hear what I'm doing wrong or if it is a CI-bug. I am using 3.x development and I am aware of the bugs and/or problems it might have.
12-31-2014, 05:44 PM
(This post was last modified: 01-01-2015, 03:08 AM by RubenPortier. Edit Reason: Added new problem)

(12-31-2014, 04:45 PM)RubenPortier Wrote: When I try to receive some data (non-cross-domain) by using ajax on a controller/method the result is always 403 Forbidden. I am able to access that page myself from within my browser without any problems.

I am very sorry to say that I was maybe a bit too fast. I have now found a solution to this problem! It appears to be the CI CSRF protection. I enabled it to make sure Cross Site Request Forgery is not possible. However, this will throw a 403 Forbidden error on Ajax requests. CI was so kind as to have a csrf_exclude_uris configuration parameter. This allows you to set specific URIs to not be protected by CSRF.

EDIT: I still have another problem which many CI users experience. When using Ajax requests, after a while the session in the database gets lost (it's just empty). This is a bug in CI where it wants to update the session (because otherwise it would expire) but it cannot put the data into the database because of the Ajax request. I know that I could create a MY_Session extending CI_Session to prevent the update when an Ajax request is made ($this->input->is_ajax_request()). But I wonder if there is a better solution or if there is a fix in progress for this.

Thanks again for reading!
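An alternative to listing Ajax endpoints in csrf_exclude_uris is to keep the CSRF check on and send the token with every Ajax POST. The following is an added example, not part of the original post or of CodeIgniter itself; it assumes CodeIgniter 3's default `csrf_cookie_name` / `csrf_test_name` settings, a CSRF cookie that JavaScript can read (not HttpOnly), and a caller-supplied endpoint URL.

```javascript
// Assumed CodeIgniter 3 defaults; adjust to match application/config/config.php.
const CSRF_COOKIE_NAME = 'csrf_cookie_name'; // $config['csrf_cookie_name']
const CSRF_TOKEN_NAME = 'csrf_test_name';    // $config['csrf_token_name']

// Return the value of one cookie from a document.cookie-style string, or null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build a form-encoded POST body that carries the CSRF token from the cookie.
// The server compares the posted field with the cookie value; a mismatch or a
// missing field is what produces the 403.
function buildCsrfBody(cookieString, fields) {
  const token = readCookie(cookieString, CSRF_COOKIE_NAME);
  if (token === null) {
    throw new Error('CSRF cookie not found; load a page from the application first');
  }
  const params = new URLSearchParams(fields);
  params.set(CSRF_TOKEN_NAME, token); // overrides any caller-supplied value
  return params.toString();
}

// Browser-side helper. The cookie is re-read on every call because the token
// changes after each POST when $config['csrf_regenerate'] is TRUE.
async function postWithCsrf(url, fields) {
  const res = await fetch(url, {
    method: 'POST',
    credentials: 'same-origin', // send the session and CSRF cookies
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      'X-Requested-With': 'XMLHttpRequest', // makes is_ajax_request() return TRUE
    },
    body: buildCsrfBody(document.cookie, fields),
  });
  if (res.status === 403) throw new Error('CSRF check failed (403)');
  return res.text();
}
```

With this in place the Ajax controller stays covered by the CSRF filter, so csrf_exclude_uris can be reserved for endpoints that genuinely cannot carry a token.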