| Ajax 403 error |
|
This has been asked many times. On the forum search there are lots of answers to this, I just searched 'ajax' and here are some of the many results:
https://forum.codeigniter.com/thread-683...#pid344934 https://forum.codeigniter.com/thread-685...#pid345687 https://forum.codeigniter.com/thread-686...#pid346124 https://forum.codeigniter.com/thread-688...#pid346964 Basically, when you submit your ajax post request you have to include the CSRF name => token pair too. When you do this, you then need to refresh the new current token either by updating a field somewhere on your page (which your js will read to get it when it is called) or return the new token in your return data, and update the CSRF field in your form. When you get the hang of it, it is surprisingly straight forward, although as with all things ajax, depending on your usage, there might be other issues such as multiple concurrent requests etc. Hope that helps, Paul. PS I would advise leaving CSRF on. You can disable CSRF for a certain url using the array in the config file, but I only do this if the page is already behind a login authorisation of some sort like for site admins, and your ajax controller checks that the user is authorised. I would not do that though for public users, only trusted site admins. |
| Messages In This Thread |
|
Ajax 403 error - by pippuccio76 - 10-18-2017, 12:57 PM
RE: Ajax 403 error - by pippuccio76 - 10-19-2017, 04:05 AM
RE: Ajax 403 error - by PaulD - 10-19-2017, 10:24 AM
|
