Welcome Guest, Not a member yet? Register   Sign In
CSRF regenerate with AJAX
#1

(This post was last modified: 04-14-2020, 03:42 PM by Leo.)

So, I've been fiddling with CSRF.
I found a way of keeping the regenerate setting on, with AJAX, like this:
PHP Code:
if ($this->request->isAJAX())
{
    $formDataRaw $this->request->getRawInput();
    $formDataRaw['csrf_token'] = csrf_hash();
    return $this->response->setJSON($formDataRaw);
} else {
    return '{ \'error\': \'Invalid Request\'}';

and then in ajax doing this
Code:
bla bla bla....ajax form code submit.done(function (data) {
                console.log(data);
                csrf.val(data.csrf_token)
            })
Where csrf is a variable for this: let csrf = $("input[name='csrf_token']",form);
Basically I retrieve a new generated value for the csrf cookie hash and replace the old value with the new one retreieved - and that works.
BUT I have a whole bunch of forms on my page (image editing)! And THEIR csrf values all stay the same so they don't work now.
Can someone suggest a way I can pass this value on and change the csrf input values on ALL my forms??

Also, having read the docs I'm still wondering is the auto CSRF protection in CI 4 turned on ONLY in app/config/Filters.php - because the docs say that when form_open() is used it's added automatically - but its not.

Also I didn't see much difference made when turning app.CSRFProtection  = true in the .env
You can see things I made with codeigniter here: itart.pro its not overly impressive as I have very little time to learn.
Reply


Messages In This Thread
CSRF regenerate with AJAX - by Leo - 04-14-2020, 03:40 PM
RE: CSRF regenerate with AJAX - by Gary - 04-14-2020, 06:49 PM
RE: CSRF regenerate with AJAX - by Leo - 04-14-2020, 11:34 PM
RE: CSRF regenerate with AJAX - by entis - 04-15-2020, 08:02 AM
RE: CSRF regenerate with AJAX - by Gary - 04-15-2020, 12:09 PM
RE: CSRF regenerate with AJAX - by Leo - 04-15-2020, 12:30 PM
RE: CSRF regenerate with AJAX - by Morgun_Andrey - 05-05-2020, 02:39 PM
RE: CSRF regenerate with AJAX - by Gary - 04-15-2020, 01:17 PM
RE: CSRF regenerate with AJAX - by 007basaran - 02-06-2023, 08:46 PM
RE: CSRF regenerate with AJAX - by SubrataJ - 02-06-2023, 10:44 PM
RE: CSRF regenerate with AJAX - by Leo - 02-07-2023, 01:06 PM
RE: CSRF regenerate with AJAX - by Gary - 02-26-2023, 10:27 AM



Theme © iAndrew 2016 - Forum software by © MyBB