Welcome Guest, Not a member yet? Register   Sign In
[resolved] CSRF issue when ajax functions and normal forms are used on the same page
#1
Bug 
(This post was last modified: 10-02-2020, 07:29 AM by kilden.)

Hello everyone !

I've got a problem with csrf reloads that break my mind :
I've got ajax-functions (for exemple an input field that updates a database) and form-submit-buttons (for exemple a button that delete a line in a database) on the same page... 

- my ajax functions work very well when I click only on them (csrf hash changes each time ajax is called)
- my simple forms/submit-buttons work very well also when I click only on them (csrf hash changes each time the page refreshes)

But when I mix them: if I call ajax functions and then a simple form, I always have to click two time on my submit buttons so that my action is applied, although csrf number change all the time...

I don't know how to resolve this issue because I don't even understand what could be the problem... !  Confused
If someone has an idea...  Idea
Reply
#2

You can try this.

How to Send AJAX request with CSRF token in CodeIgniter 4
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#3

(10-01-2020, 12:39 PM)InsiteFX Wrote: You can try this.

How to Send AJAX request with CSRF token in CodeIgniter 4

Thank you, but as I said, I've already succeeded in sending AJAX request with CSRF token... My problem comes when I did an Ajax request and then want to submit a traditional form (that I do with the function form_open()... So there is also a CSRF token...) : I necessary have to reload the page so that the form works...
Reply
#4

(This post was last modified: 10-01-2020, 02:02 PM by InsiteFX.)

The Ajax is most likely taking the focus away from the page try to put the focus back on the
page using JavaScript.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#5

(This post was last modified: 10-02-2020, 01:24 AM by kilden.)

I'm not sure but I think it didn't work. It's always like this :

1- I enter in my input (text) and take the focus
2- I type some text that making ajax request and updating my database
3- If I click then on a submit button (without ajax but also with CSRF), it reloads the page without making the action...
4- I have to re-click on the submit button so that the form works. (It is as if an ajax call with CSRF on CI4 desactivates traditional form)

I've tried to make a focus on an element of my page when I focusout the inputs... ( $(window).focus(); $('body').focus(); ) without success.
Reply
#6

(This post was last modified: 10-02-2020, 06:39 AM by InsiteFX.)

Try to set the focus on the body of the page (body) or (html).

You could also try to set the focus on the form itself.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#7

(This post was last modified: 10-02-2020, 06:58 AM by nc03061981.)

I think CSRF only generate new for very submit POST or Ajax POST.
If submit GET or Ajax GET, CSRF = last generate and can get it from cookie

When you ajax post, CSRF will generate new and different with current CSRF, so you need update current CSRF with new.

Learning CI4 from my works, from errors and how to fix bugs in the community

Love CI & Thanks CI Teams

Reply
#8

(This post was last modified: 10-02-2020, 07:31 AM by kilden.)

Ok... I've finally found it ! It was not a question of focus...

When we use the function form_open(), CI4 automatically creates an hidden file with CSRF tokens... So you just need to update the hidden input with current CSRF coming from ajax. I did something like : $("input[name='csrf_token']").val(csrf);

Thank you anyway for the help :-)
Reply




Theme © iAndrew 2016 - Forum software by © MyBB