Getting 403 on AJAX POST to controller
#11

I wrote an incorrect thing. PHP can handle multipart/form-data POST data as $_POST.
Quote: An associative array of variables passed to the current script via the HTTP POST method when using application/x-www-form-urlencoded or multipart/form-data as the HTTP Content-Type in the request.
https://www.php.net/manual/en/reserved.v...s.post.php

But $_POST does not have JSON request data.
Reply
#12

OK, so this is a follow-up of sorts.

If I submit the form once via ajax, it's processed by my controller (CI's CSRF check passes).

If I submit the form again, without re-loading anything, it's not processed by my controller (CI's CSRF check fails, I'm guessing). The submitted data is identical.

In Security.php I have $tokenRandomize = true, $expires = 7200, and $regenerate = false. So I don't understand why CI wouldn't accept it on the second submission since nothing has changed.

-joho
Reply
#13

When I encountered this problem, I took the easy way out and just turned off CSRF for the routes. This is done by editing the $globals array in Config/Filters.php.
PHP Code:
public $globals = [
    'before' => [
        // turn off use of csrf for ajax calls
        'csrf' => [
            // routes listed under 'except' are skipped by the csrf filter
            'except' => ['/ecco/publications/checkDoi', '/salinity/publications/checkDoi'],
        ],
    ],
];

In my application I have data input forms where I want to check one field for duplicates and provide links to view any duplicates found.  It's old data so there could be more than one existing record with the same DOI value.
Reply
#14

Thank you for the suggestion! That would, of course, work for me too; had I not been concerned about the security implications.

But I am still confused as to why it seems like CI wants a different token value on the next request, since I set the regenerate-setting to false.

-joho
Reply
#15

(05-03-2023, 12:23 PM)joho Wrote: But I am still confused as to why it seems like CI wants a different token value on the next request, since I set the regenerate-setting to false.

In my understanding, CI does not want a different token value on the next request with your configuration.

Are you sure your config is truly applied?
Reply
#16

Well, something is causing the 403, and it happens before my code is executed.

No, I'm not sure the regeneration is disabled, but how would I best test that?

-joho
Reply
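
For the question in #16, one way to tell a token that was only re-randomized from one whose underlying hash was regenerated, as an added example that is not part of the thread or of CodeIgniter's code. It assumes that with $tokenRandomize = true the token is 64 hex characters, hex(hash XOR key) followed by hex(key) at 16 bytes each; `unmaskToken`, `maskToken` and `compareTokens` are hypothetical names and the sample values are constructed.

```javascript
// Added example, not CodeIgniter's code. Assumption: with $tokenRandomize = true
// the token sent to the client is hex(hash XOR key) + hex(key), 16 bytes each.
const HASH_BYTES = 16; // assumed size of the underlying CSRF hash

function hexToBytes(hex) {
  const bytes = [];
  for (let i = 0; i < hex.length; i += 2) bytes.push(parseInt(hex.slice(i, i + 2), 16));
  return bytes;
}

function bytesToHex(bytes) {
  return bytes.map((b) => b.toString(16).padStart(2, '0')).join('');
}

// Recover the underlying hash from a randomized token (hypothetical helper).
function unmaskToken(token) {
  const hexLen = HASH_BYTES * 2;
  if (typeof token !== 'string' || token.length !== hexLen * 2 || !/^[0-9a-f]+$/i.test(token)) {
    throw new Error('token does not match the assumed randomized layout');
  }
  const masked = hexToBytes(token.slice(0, hexLen));
  const key = hexToBytes(token.slice(hexLen));
  return bytesToHex(masked.map((b, i) => b ^ key[i]));
}

// Build a randomized token from a hash and a key; used only for the constructed samples.
function maskToken(hashHex, keyHex) {
  const key = hexToBytes(keyHex);
  return bytesToHex(hexToBytes(hashHex).map((b, i) => b ^ key[i])) + keyHex;
}

// Compare the tokens captured from two successive responses.
function compareTokens(first, second) {
  return {
    sameOnTheWire: first === second,
    sameUnderlyingHash: unmaskToken(first) === unmaskToken(second),
  };
}

// Constructed sample values, not taken from a real session.
const SAMPLE_HASH = '00112233445566778899aabbccddeeff';
const firstToken = maskToken(SAMPLE_HASH, 'ff'.repeat(16));
const secondToken = maskToken(SAMPLE_HASH, '0f'.repeat(16));
console.log(compareTokens(firstToken, secondToken));
```

Feed it the values of csrf_hash() read from two successive responses: tokens that differ on the wire but share an underlying hash are what randomization alone produces, while a differing underlying hash means the hash itself changed between the requests.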



