CSRF Protection with multiple js scripts |
I have a view profile page that uses two Ajax requests and thus two script files: profile_subscribe and profile_views. Either script works when it's the only script included with the view. It's when I include both scripts that only profile_views executes.
Currently, profile_subscribe has a 403 forbidden error citing CSRF protection as the issue. I regenerate the CSRF token with both Ajax requests so I'm not sure what is going wrong. I will include both scripts. If anything else is needed to troubleshoot, let me know. profile_views.js PHP Code: <script> profile_subscribe.js: PHP Code: <script>
I think the problem is each script has it's own local variables csrfName and csrfHash. When you update the variables after the ajax request has returned, you only update the local variables. It doesn't update the ones in the other script.
Code: // Update CSRF hash You should probably make these variables global so both scripts can use the same variables.
CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
/*** NO support in private message - Use the forum! ***/ |
Welcome Guest, Not a member yet? Register Sign In |