-
Secux Junior Member
 
08-29-2021, 05:37 AM
(This post was last modified: 09-01-2021, 12:40 PM by Secux.)
Hello,
I have a problem with ajax and csrf.
This is my code:
view:
Code:
<script>
$('#view').html('<i class="fa fa-spinner fa-spin text_primary"></i>');
$.ajax({
    url: "https://site.com/api/view",
    type: "POST",
    contentType: "application/json",
    headers: {'X-Requested-With': 'XMLHttpRequest'},
    data: {'<?= csrf_token() ?>':'<?= csrf_hash() ?>'},
    cache: false,
    success: function(data){
        $('#view').html(data);
        /* $.each(data, function(i,data){
            json_data = '<tr>'+
                '<td valign="top">'+
                '<div class="feed_title">'+data.name+'</div>'+
                '</td>'+
                '</tr>';
            $(json_data).appendTo('#view');
        });*/
    },
    error: function(xhr, status, error){
        alert(xhr.responseText);
    }
});
</script>
controller:
PHP Code:
public function view()
{
    if ($this->request->getMethod() == 'post') {
        if ($this->Session->get('id') != NULL) {
            $data = $this->Resume->where('userID', session()->get('id'))->orderBy('fromY', 'asc')->findAll();
            $response[] = array('status' => '200');
            foreach ($data as $row) {
                $response[] = array(
                    "id"   => $row['userID'],
                    "name" => $row['name'],
                );
            }
        } else {
            $response = [
                'status' => '201',
                'error'  => 'No Data Found'
            ];
        }
    } else {
        $response = [
            'status' => '201',
            'error'  => 'Request not allowed'
        ];
    }
    return $this->response->setJSON($response);
}
error:
Code:
{
"title": "CodeIgniter\\Security\\Exceptions\\SecurityException",
"type": "CodeIgniter\\Security\\Exceptions\\SecurityException",
"code": 403,
"message": "The action you requested is not allowed.",
"file": "/home/X/system/Security/Security.php",
"line": 240,
"trace": [
{
"file": "/home/X/system/Security/Security.php",
"line": 240,
"function": "forDisallowedAction",
"class": "CodeIgniter\\Security\\Exceptions\\SecurityException",
"type": "::"
},
{
"file": "/home/X/system/Filters/CSRF.php",
"line": 57,
"function": "verify",
"class": "CodeIgniter\\Security\\Security",
"type": "->"
},
{
"file": "/home/X/system/Filters/Filters.php",
"line": 181,
"function": "before",
"class": "CodeIgniter\\Filters\\CSRF",
"type": "->"
},
{
"file": "/home/X/system/CodeIgniter.php",
"line": 407,
"function": "run",
"class": "CodeIgniter\\Filters\\Filters",
"type": "->"
},
{
"file": "/home/X/system/CodeIgniter.php",
"line": 336,
"function": "handleRequest",
"class": "CodeIgniter\\CodeIgniter",
"type": "->"
},
{
"file": "/home/X/public_html/index.php",
"line": 36,
"function": "run",
"class": "CodeIgniter\\CodeIgniter",
"type": "->"
}
]
}
-
iRedds Senior Member
   
You are not sending JSON, but a key = value pair.
You need to convert the JS object to JSON.
Code: data : JSON.stringify({'<?= csrf_token() ?>':'<?= csrf_hash() ?>'}),
-
pws Junior Member
 
(08-29-2021, 10:34 PM)iRedds Wrote: You are not sending JSON, but a key = value pair
You need to convert JS object to JSON
Code: data : JSON.stringify({'<?= csrf_token() ?>':'<?= csrf_hash() ?>'}),
Hello,
I did this and it works, but the problem is that it works the first time only! So when I click the button again to call the ajax function, I see the error "The action you requested is not allowed." again.
How can I fix this without reloading the page?
-
PHS Junior Member
 
08-10-2022, 04:36 PM
(This post was last modified: 08-10-2022, 04:41 PM by PHS.)
Hi, I'm going to take advantage of this thread, because today I spent all day trying to figure out why my form wasn't being submitted, until I discovered that it was the Security.php > $regenerate setting, which was active. I updated my project with the latest version of CI; in the old project $regenerate was disabled.
Well, I would like to ask the CI4 experts: what is the implication of leaving $regenerate disabled? Is there any threat?
Second question: usually in my forms I use javascript to present some special effect to the user when submitting the form. Usually I use something like:
Code:
document.getElementById('myForm').addEventListener('submit', function (event) {
    event.preventDefault();
    /*
    implementation code
    */
    event.currentTarget.submit();
});
If the javascript file submits the form via the method e.currentTarget.submit() and csrf regenerate is enabled, the form is not submitted, because for each request regenerate changes to a new token. In this case, how could I submit the form, using the same method with javascript and with csrf regenerate enabled?
Thanks!
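Added example (not part of any post in this thread, and not CodeIgniter's own code): a JavaScript simulation of the failure described above, where per-request token regeneration makes the second AJAX call return 403 unless the client replaces its stored token with the one returned in each response. The stand-in server, the `csrf` response field and the `csrf_test_name` token name are assumptions made for the demo.

```javascript
// Added simulation; none of this is CodeIgniter's own code.
// Stand-in for a server that regenerates the CSRF token after every
// accepted request (the $regenerate behaviour discussed in the thread).
function makeServer(tokenName) {
  let counter = 0;
  // Constructed, predictable values for the demo; a real framework uses a CSPRNG.
  const next = () => 'demo-token-' + (++counter);
  let current = next();
  return {
    pageToken: () => current, // what csrf_hash() would render into the page
    handle(rawBody) {
      const sent = JSON.parse(rawBody)[tokenName];
      if (sent !== current) {
        return { status: 403, body: { message: 'The action you requested is not allowed.' } };
      }
      current = next(); // the old token is now invalid
      // Assumption: the controller returns the new hash in a "csrf" field.
      return { status: 200, body: { rows: [], csrf: current } };
    },
  };
}

// Client: keeps the token in a variable instead of a value baked into the page.
// `send` is the transport (in a browser, the $.ajax or fetch call).
function makeClient(send, tokenName, pageToken, refresh) {
  let token = pageToken;
  return function post(payload) {
    const body = JSON.stringify({ ...payload, [tokenName]: token });
    const res = send(body);
    if (refresh && res.status === 200 && res.body.csrf) token = res.body.csrf;
    return res.status;
  };
}

function demo() {
  const name = 'csrf_test_name'; // constructed token name
  const srvA = makeServer(name);
  const stale = makeClient((raw) => srvA.handle(raw), name, srvA.pageToken(), false);
  const srvB = makeServer(name);
  const fresh = makeClient((raw) => srvB.handle(raw), name, srvB.pageToken(), true);
  return {
    stale: [stale({}), stale({})],            // token never updated
    fresh: [fresh({}), fresh({}), fresh({})], // token replaced after each reply
  };
}

console.log(demo());
```

The same reasoning applies to a regular form submitted from JavaScript: the hidden token field has to hold the most recently issued value at the moment of submission.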