Welcome Guest, Not a member yet? Register   Sign In
I have a problem with ajax and csrf - The action you requested is not allowed.
#1

(This post was last modified: 09-01-2021, 12:40 PM by Secux.)

Hello,
I have a problem with ajax and csrf. -
this is my code:
view:
Code:
<script>
$('#view').html('<i class="fa fa-spinner fa-spin  text_primary"></i>');
$.ajax({
url: "https://site.com/api/view",
type: "POST",
contentType: "application/json",
headers: {'X-Requested-With': 'XMLHttpRequest'},
data: {'<?= csrf_token() ?>':'<?= csrf_hash() ?>'},
cache: false,
success: function(data){
$('#view').html(data);
/* $.each(data, function(i,data){
json_data = '<tr>'+
'<td valign="top">'+
'<div class="feed_title">'+data.name+'</div>'+

'</td>'+
'</tr>';
$(json_data).appendTo('#view');
});*/
},error: function(xhr, status, error){
alert(xhr.responseText);

    }
           
});</script><script><script>


controller:
PHP Code:
public function view() {
 
        if ($this->request->getMethod() == 'post') {
 if (
$this->Session->get('id') != NULL) {
 
$data $this->Resume->where('userID'session()->get('id'))->orderBy('fromY''asc')->findAll();
 
$response[] = array('status'  => '200');
 foreach(
$data as $row)
 {
 
$response[] = array(
 
"id" => $row['userID'],
"name" => $row['name'],
 );

 }

 } else {
 
$response = [
 
'status'  => '201',
 
'error'    => 'No Data Found'
 
];
              
 
}
 
 } else {

 
$response = [
 
'status'  => '201',
 
'error'    => 'Request not allowed'
 
];
 
 } 
 
 return 
$this->response->setJSON($response);
 } 

error:

Code:
{
    "title": "CodeIgniter\\Security\\Exceptions\\SecurityException",
    "type": "CodeIgniter\\Security\\Exceptions\\SecurityException",
    "code": 403,
    "message": "The action you requested is not allowed.",
    "file": "/home/X/system/Security/Security.php",
    "line": 240,
    "trace": [
        {
            "file": "/home/X/system/Security/Security.php",
            "line": 240,
            "function": "forDisallowedAction",
            "class": "CodeIgniter\\Security\\Exceptions\\SecurityException",
            "type": "::"
        },
        {
            "file": "/home/X/system/Filters/CSRF.php",
            "line": 57,
            "function": "verify",
            "class": "CodeIgniter\\Security\\Security",
            "type": "->"
        },
        {
            "file": "/home/X/system/Filters/Filters.php",
            "line": 181,
            "function": "before",
            "class": "CodeIgniter\\Filters\\CSRF",
            "type": "->"
        },
        {
            "file": "/home/X/system/CodeIgniter.php",
            "line": 407,
            "function": "run",
            "class": "CodeIgniter\\Filters\\Filters",
            "type": "->"
        },
        {
            "file": "/home/X/system/CodeIgniter.php",
            "line": 336,
            "function": "handleRequest",
            "class": "CodeIgniter\\CodeIgniter",
            "type": "->"
        },
        {
            "file": "/home/X/public_html/index.php",
            "line": 36,
            "function": "run",
            "class": "CodeIgniter\\CodeIgniter",
            "type": "->"
        }
    ]
}
Reply
#2

You are not sending JSON, but a key = value pair
You need to convert JS object to JSON
Code:
data : JSON.stringify({'<?= csrf_token() ?>':'<?= csrf_hash() ?>'}),
Reply
#3

Bro.. you can see my pastebin posting. it will help you full to solve your problem about csrf token random ajax jquery and datatable

https://pastebin.com/kupzmyx3

and

http://pastebin.com/tHhztmwc

hapy coding
Reply
#4

(08-29-2021, 10:34 PM)iRedds Wrote: You are not sending JSON, but a key = value pair
You need to convert JS object to JSON
Code:
data : JSON.stringify({'<?= csrf_token() ?>':'<?= csrf_hash() ?>'}),
hello,
i do this and work but the problem is work on first time only! so when i reclick on button to call ajax function i see agin the error " The action you requested is not allowed."
How can fix this without reload the page?
Reply
#5

(This post was last modified: 08-10-2022, 04:41 PM by PHS.)

Hi, I'm going to take advantage of this thread because today I was all day trying to figure out why my form wasn't being submitted, until I discovered that it was the Security.php > $regenerate setting, which was active. I updated my project with the latest version of CI, in the old project $regenerate was disabled.

Well, I would like to ask the CI4 experts what is the implication of leaving $regenerate disabled, is there any threat?

Second question, usually in my forms I use javascript to present some special effect to the user when submitting the form, usually I use something like:

Code:
document.getElementById('myForm').addEventListener('submit', function (event) {
event.preventDefault();
/*
implementation code
*/
event.currentTarget.submit();
}



If the javascript file submits the form via the method e.currentTarget.submit() and csrf regenerate is enabled the form is not submitted, because as for each request the regenerate changes to a new token. In this case, how could I submit the form, using the same method with javascript and with csrf regenerate enabled?

Thanks!
Reply
#6

CodeIgniter 4 CSRF Token with Ajax Request
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#7

How to Send AJAX request with CSRF token https://t.co/JZT1n2nw23
Iran,talesh,datamweb Heart
Reply




Theme © iAndrew 2016 - Forum software by © MyBB