-
kenjis
Administrator
We have just released the v4.5.1 bug fix release.
This version fixed all reported bugs including TypeError in v4.5.0.
All v4.5.0 users should upgrade immediately.
Other CI4 users are encouraged to upgrade to v4.5.1 after detailed verification.
ChangeLog: https://codeigniter4.github.io/userguide...4.5.1.html
Upgrading Guide: https://codeigniter4.github.io/userguide...e_451.html
Note: Unfortunately, the User Guide on the official site has not yet been updated due to deployment trouble.
Important: There is a bug in appstarter v4.5.1. If you install appstarter, please fix the following path.
Code: --- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@@ -2,7 +2,7 @@
<phpunit
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.5/phpunit.xsd"
- bootstrap="system/Test/bootstrap.php"
+ bootstrap="vendor/codeigniter4/framework/system/Test/bootstrap.php"
backupGlobals="false"
beStrictAboutOutputDuringTests="true"
colors="true"
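Review bot: the new `bootstrap` value hard-codes the `vendor/codeigniter4/framework/` prefix as a relative path, so it only resolves when Composer uses its default vendor directory. A short XML comment beside the attribute, or a line in the upgrade notes, stating that assumption would save users who relocate the vendor directory from hitting the same missing-bootstrap failure again.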
-
LP_bnss
Junior Member
Have I found a bug?
I am using the datatable library from https://codeigniter4-datatables.hermawan...age/basic/
In my view page
Code:
$('#custTable').DataTable({
    processing: true,
    serverSide: true,
    ajax: '<?= base_url('institute-lists') ?>',
    language: {
        "processing": "Loading. Please wait ..."
    },
    columns: [
        { data: 'name' },
        { data: 'identifier' },
        { data: 'inst_code' },
        { data: 'is_demo' },
    ]
});
In Controller
PHP Code:
public function getInstituteList()
{
    $inst_model = new InstituteModel;
    $builder = $inst_model->select('name,identifier,inst_code,is_demo');

    return DataTable::of($builder)->toJson(true);
}
In ResponseTrait.php
PHP Code:
if ($cookie->isSecure() && ! $request->isSecure()) {
    throw SecurityException::forDisallowedAction();
}
Getting this error
Code: institute-list:2254
<br />
<b>Fatal error</b>: Uncaught CodeIgniter\Security\Exceptions\SecurityException: The action you requested is not allowed. in F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php:673
Stack trace:
#0 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(673): CodeIgniter\Security\Exceptions\SecurityException::forDisallowedAction()
#1 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(663): CodeIgniter\HTTP\Response->dispatchCookies()
#2 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(374): CodeIgniter\HTTP\Response->sendCookies()
#3 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\ExceptionHandler.php(83): CodeIgniter\HTTP\Response->send()
#4 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\Exceptions.php(163): CodeIgniter\Debug\ExceptionHandler->handle(Object(CodeIgniter\Security\Exceptions\SecurityException), Object(CodeIgniter\HTTP\IncomingRequest), Object(CodeIgniter\HTTP\Response), 403, 1)
#5 [internal function]: CodeIgniter\Debug\Exceptions->exceptionHandler(Object(CodeIgniter\Security\Exceptions\SecurityException))
#6 {main}
thrown in <b>F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php</b> on line <b>673</b><br />
<br />
<b>Fatal error</b>: Uncaught CodeIgniter\Security\Exceptions\SecurityException: The action you requested is not allowed. in F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php:673
Stack trace:
#0 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(673): CodeIgniter\Security\Exceptions\SecurityException::forDisallowedAction()
#1 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(663): CodeIgniter\HTTP\Response->dispatchCookies()
#2 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php(374): CodeIgniter\HTTP\Response->sendCookies()
#3 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\ExceptionHandler.php(83): CodeIgniter\HTTP\Response->send()
#4 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\Exceptions.php(163): CodeIgniter\Debug\ExceptionHandler->handle(Object(ErrorException), Object(CodeIgniter\HTTP\IncomingRequest), Object(CodeIgniter\HTTP\Response), 500, 1)
#5 F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\Debug\Exceptions.php(252): CodeIgniter\Debug\Exceptions->exceptionHandler(Object(ErrorException))
#6 [internal function]: CodeIgniter\Debug\Exceptions->shutdownHandler()
#7 {main}
thrown in <b>F:\College ERP With Datatable\college_erp_v4_5_1\vendor\codeigniter4\framework\system\HTTP\ResponseTrait.php</b> on line <b>673</b><br />
After I modified this code
PHP Code:
if ($cookie->isSecure() && ! $request->isSecure() && ! $request->isAJAX()) {
    throw SecurityException::forDisallowedAction();
}
It works as expected.
And if I use the AJAX URL directly, it works normally.
Code: http://localhost:8080/institute-lists?draw=1&columns%5B0%5D%5Bdata%5D=name&columns%5B0%5D%5Bname%5D=&columns%5B0%5D%5Bsearchable%5D=true&columns%5B0%5D%5Borderable%5D=true&columns%5B0%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B0%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B1%5D%5Bdata%5D=identifier&columns%5B1%5D%5Bname%5D=&columns%5B1%5D%5Bsearchable%5D=true&columns%5B1%5D%5Borderable%5D=true&columns%5B1%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B1%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B2%5D%5Bdata%5D=inst_code&columns%5B2%5D%5Bname%5D=&columns%5B2%5D%5Bsearchable%5D=true&columns%5B2%5D%5Borderable%5D=true&columns%5B2%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B2%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B3%5D%5Bdata%5D=is_demo&columns%5B3%5D%5Bname%5D=&columns%5B3%5D%5Bsearchable%5D=true&columns%5B3%5D%5Borderable%5D=true&columns%5B3%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B3%5D%5Bsearch%5D%5Bregex%5D=false&order%5B0%5D%5Bcolumn%5D=0&order%5B0%5D%5Bdir%5D=asc&start=0&length=10&search%5Bvalue%5D=&search%5Bregex%5D=false&_=1713534972736
-
LP_bnss
Junior Member
(04-20-2024, 05:36 PM)kenjis Wrote: @LP_bnss No, you have security misconfiguration.
Your configuration is not secure, so CI4 throws the exception.
Don't use the modified code. Fix your configuration.
But why does it throw the exception? In the datatable AJAX call, the method would be "GET" and X-CSRF-TOKEN has been added to the request header from the ajaxPrefilter function.
See my code. I tried multiple times to get the expected response from the server; that's why some lines are commented out.
Code:
$(document).ready(function () {
    $.ajaxPrefilter(function (options, originalOptions, jqXHR) {
        jqXHR.setRequestHeader('X-CSRF-Token', $('meta[name="X-CSRF-TOKEN"]').attr('content'));
    });
    $('#custTable').DataTable({
        processing: true,
        serverSide: true,
        // ajax: {
        // // beforeSend: function (xhr) {
        // // xhr.setRequestHeader('X-CSRF-TOKEN', $('meta[name="X-CSRF-TOKEN"]').attr('content'));
        // // },
        // url: '<?= base_url('institute-lists') ?>',
        // // type: "POST",
        // type: "GET",
        // // headers: {
        // // "Content-Type": "application/json",
        // // 'X-Requested-With': 'XMLHttpRequest'
        // // },
        // // data: function (data) {
        // // // CSRF Hash
        // // var csrfName = "<?= csrf_token() ?>"; // CSRF Token name
        // // var csrfHash = $('meta[name="X-CSRF-TOKEN"]').attr('content'); // CSRF hash
        // // console.log({
        // // ...data,
        // // [csrfName]: csrfHash // CSRF Token
        // // });
        // // return {
        // // ...data,
        // // [csrfName]: csrfHash // CSRF Token
        // // };
        // // },
        // // dataSrc: function (data) {
        // // // Update token hash
        // // $('meta[name="X-CSRF-TOKEN"]').attr('content',data.token);
        // // // Datatable data
        // // return data.aaData;
        // // },
        // success: function (response) {
        // console.log(response);
        // },
        // error: function (response) {
        // console.error(response);
        // }
        // },
        ajax: {
            url: '<?= base_url('institute-lists') ?>',
            // method:'POST',
            // data: function (data) {
            // // CSRF Hash
            // var csrfName = "<?= csrf_token() ?>"; // CSRF Token name
            // var csrfHash = $('meta[name="X-CSRF-TOKEN"]').attr('content'); // CSRF hash
            // console.log({
            // ...data,
            // [csrfName]: csrfHash // CSRF Token
            // });
            // return {
            // ...data,
            // [csrfName]: csrfHash // CSRF Token
            // };
            // },
            error: function (response) {
                console.error(response.responseText);
            }
        },
        // ajax: '<?= base_url('institute-lists') ?>',
        language: {
            "processing": "Loading. Please wait ..."
        },
        columns: [
            { data: 'name' },
            { data: 'identifier' },
            { data: 'inst_code' },
            { data: 'is_demo' },
        ]
    });
})
Help me to solve this issue I am facing.
-
LP_bnss
Junior Member
(04-21-2024, 04:59 PM)kenjis Wrote: @LP_bnss The exception message is not good. I sent a PR to fix it.
https://github.com/codeigniter4/CodeIgniter4/pull/8818
Do you get what's wrong?
Why is my request not secure when the request comes from an AJAX call in the datatable?
After I modified the ResponseTrait.php file
PHP Code:
if ($cookie->isSecure() && ! $request->isSecure() && ! $request->isAJAX()) {
    throw SecurityException::forDisallowedAction();
}
the CI-datatable library works properly; otherwise it gets error status code 500 "Internal Server Error".
- The AJAX request method from the datatable is "GET", so why is the request not secure?
- If I use the "POST" method, then I add CSRF in the request header "X-Csrf-Header".
Both methods get an error. Why?
I don't know what to do.
See this thread https://forum.codeigniter.com/showthread...#pid418015 for reference
-
LP_bnss
Junior Member
(04-23-2024, 01:48 AM)kenjis Wrote: (04-23-2024, 12:42 AM)LP_bnss Wrote: Why my request is not secure while request from ajax call in the datatable
If you don't use HTTPS, your request is not secure.
But my project is in the development stage, so how can I use all features on localhost?
After my project has been moved to the server, the requests will be over HTTPS from end to end.
My suggestion: if ENVIRONMENT is development on localhost, why do we need HTTPS?
If HTTPS is a must for secure requests on localhost (development stage), how can I use the serverSide-enabled datatable?
Also, how do I create an SSL certificate for CodeIgniter 4 (installed from Composer) on localhost?
Help me to solve this.
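The check quoted from ResponseTrait.php earlier in this thread, next to the locally modified version with the extra `isAJAX()` clause, modelled in plain PHP as an added example (it is not CodeIgniter's source and not code from any poster). The function names and the `$server` arrays are hypothetical and constructed for illustration; the HTTPS and AJAX detection is a simplified stand-in for the framework's request methods.

```php
<?php
declare(strict_types=1);

// Simplified model of the guard discussed in this thread (not CodeIgniter's source).
// $server mimics $_SERVER; every sample request below is constructed.
function isSecureRequest(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

function isAjaxRequest(array $server): bool
{
    // X-Requested-With is an ordinary request header: any client can send or omit it.
    return strtolower($server['HTTP_X_REQUESTED_WITH'] ?? '') === 'xmlhttprequest';
}

// The check as quoted: refuse to emit a Secure cookie on a plain-HTTP response.
function originalGuardAllows(bool $cookieSecure, array $server): bool
{
    return !($cookieSecure && !isSecureRequest($server));
}

// The locally modified check: the added AJAX clause switches the guard off
// for every request that carries the header, whatever the transport.
function modifiedGuardAllows(bool $cookieSecure, array $server): bool
{
    return !($cookieSecure && !isSecureRequest($server) && !isAjaxRequest($server));
}

$requests = [
    'HTTP, no XHR header' => [],
    'HTTP, XHR header'    => ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'],
    'HTTPS, XHR header'   => ['HTTPS' => 'on', 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'],
];

foreach ([true, false] as $cookieSecure) {
    foreach ($requests as $label => $server) {
        printf(
            "cookie Secure=%-5s %-20s original=%-5s modified=%s\n",
            var_export($cookieSecure, true),
            $label,
            originalGuardAllows($cookieSecure, $server) ? 'send' : 'throw',
            modifiedGuardAllows($cookieSecure, $server) ? 'send' : 'throw'
        );
    }
}
```

In this model the only row where the two guards disagree is a Secure cookie on plain HTTP with the XHR header present, which is exactly the case the unmodified check exists to stop. The rows with a non-Secure cookie pass the unmodified check over HTTP, so a plain-HTTP development setup can satisfy it through the cookie's configuration without editing framework files.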