Welcome Guest, Not a member yet? Register   Sign In
Setting csrf_regenerate as TRUE
#11

Thanks Martin for your help. I am posting the solution in case someone needs it:

PHP Code:
$('#department_id').change(function() {

 
   var department_id=$("#department_id").val();
 
   var domain=$("#domain").val(); 
 
           
    
$.ajax({
 
       'async'true,
 
       'type'"POST",
 
               urldomain "index.php/project/get_scheme",
 
               data: {department_iddepartment_idcsrf_test_namecsfrData.csrf_test_name},
 
               dataType'json',
 
               success
 
               function(j){
            
                 
 setCSRF(j.csrfTokenNamej.csrfTokenHash);

                 
 if(j.schemes.length >= 2) {
                    var 
options '';
                    for (var 
0<= (j.schemes.length-1); i++) {
                            
options += '<option value="' j.schemes[i].id '">' j.schemes[i].name '</option>';
                    }
                    $(
"#scheme_id").html(options);
                    $(
'#scheme_id option:first').prop('selected''selected');
                 
 }
                 
 else if (j.schemes.length == 1){
             
                 
  options += '<option value="' j.schemes[0].id '">' '------------------------------------' '</option>';
                    $(
"#scheme_id").html(options);
                    $(
'#scheme_id option:first').prop('selected''selected');
                 
 }
                 
 else{
                    $(
"#scheme_id").val(j.schemes[1].id);alert(j.schemes.length);
                 
              
            
}
 
         });
 
 
   
}); 

Like this, other drop-down boxes are filled up through ajax call. 

Now when I try to submit the form, again "Action you have requested is not allowed" message comes up. The hidden csrf field generated by form_open doesnt get updated with the latest csrf token value.
Reply
#12

(07-31-2017, 12:19 AM)june123 Wrote: Like this, other drop-down boxes are filled up through ajax call. 

Now when I try to submit the form, again "Action you have requested is not allowed" message comes up. The hidden csrf field generated by form_open doesnt get updated with the latest csrf token value.

Just like with the AJAX call you will need to update the CSRF token field and value with the latest CSRF.
You can append a hidden field with the new value, and remove the old one when you hit the submit button
Reply




Theme © iAndrew 2016 - Forum software by © MyBB