CSRF regenerate with AJAX
#9

(This post was last modified: 02-06-2023, 08:52 PM by 007basaran. Edit Reason: Additional Info )

Hello,

Maybe I didn't understand this question, but I wanted to talk about a problem I had before and its solution. When I tried to send an AJAX request using CodeIgniter, I was getting a 403 Forbidden error because the CSRF token was not renewed after the first request. I then produced the following solution. I got some code from you; you can use it if it works for you.

To use AJAX requests on CodeIgniter 4, if you are using a CSRF token for security, you just need to refresh the CSRF token for POST replies.

You can add this function to any of your helper classes.

Code:
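if (! function_exists('zs_refreshcsrf')) {
    // Echoes a <script> that writes the current CSRF hash into the hidden
    // token field of every form on the page.
    function zs_refreshcsrf(){
        echo '
            <script>
                function update_csrf_fields() {
                    let all_forms = document.forms;
                    for (const e of all_forms) {
                        // Quote the field name so the attribute selector is always valid.
                        var data = e.querySelector(\'input[name="'.csrf_token().'"]\');
                        if(data) {
                            data.value = \''.csrf_hash().'\';
                        }
                    }
                }

                update_csrf_fields();
            </script>';
    }
}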

A warning message function with Bootstrap; I am using this, and you can use this code in any helper:

Code:
if (! function_exists('zs_alertboost')) {
    // $msg is echoed as raw HTML, so it must already be escaped by the caller.
    function zs_alertboost($type, $msg){
        $allowed_types = array("primary","secondary","success","danger","warning","info","light","dark");

        // Unknown alert types fall back to "warning".
        if (in_array($type, $allowed_types, true)) {
            echo '<div class="alert alert-'.$type.'" role="alert"> '.$msg.' </div>';
        }else{
            echo '<div class="alert alert-warning" role="alert"> '.$msg.' </div>';
        }
    }
}

When users get any error from the controller, or when the controller returns some data, if you do not update the CSRF token you can get a 403 Forbidden error.

You just need to use this function in the controller before alerting the user.

Code:
            if (! $this->validateData($post, $validation_rules)) {
                zs_refreshcsrf();
                return zs_alertboost("warning", validation_list_errors());
            }

Do not use the token refresh code in your view page directly, because you can get an error. Use the token refresh code only in the controller, because the hash value can change on every POST request.
Reply
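The same refresh done on the client from a JSON reply instead of an echoed script tag, as an added example that is not part of the original post or of CodeIgniter. The `csrf_name` / `csrf_hash` response fields, the fake server and the fake forms are assumptions constructed for illustration; the second submit only succeeds because the first reply's hash was copied into every form.

```javascript
// Added example. The csrf_name / csrf_hash response fields are assumptions,
// and the server and forms below are constructed stand-ins for testing.

// Fake backend: rotates the token after every accepted POST (the behaviour
// the post describes) and answers 403 to a stale token.
function makeFakeServer(tokenName) {
  let n = 1;
  let current = 'hash-' + n;
  return {
    initialHash: current,
    post(body) {
      if (body[tokenName] !== current) return { status: 403 };
      current = 'hash-' + (++n); // rotate after each accepted POST
      return { status: 200, json: { csrf_name: tokenName, csrf_hash: current } };
    },
  };
}

// Copy the fresh hash from a reply into every form's hidden CSRF input.
// `forms` is document.forms in a browser; any iterable with querySelector works.
function applyFreshToken(forms, json) {
  if (!json || typeof json.csrf_hash !== 'string') return 0;
  let updated = 0;
  for (const form of forms) {
    const input = form.querySelector('input[name="' + json.csrf_name + '"]');
    if (input) { input.value = json.csrf_hash; updated++; }
  }
  return updated; // number of forms whose token field was refreshed
}

// Submit one form: read its current token, post, then refresh all forms.
function submitForm(server, forms, form, tokenName, fields) {
  const input = form.querySelector('input[name="' + tokenName + '"]');
  const res = server.post({ ...fields, [tokenName]: input.value });
  if (res.status === 200) applyFreshToken(forms, res.json);
  return res.status;
}

// Constructed stand-in for a <form> holding one hidden CSRF input.
function fakeForm(tokenName, hash) {
  const input = { name: tokenName, value: hash };
  return { input, querySelector: (sel) => (sel.includes('"' + tokenName + '"') ? input : null) };
}
```

In a browser, pass `document.forms` as `forms` and replace `server.post` with the real AJAX call.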

