CI 2: "The action you have requested is not allowed." |
[eluser]rebellion[/eluser]
Thank you so very very much! been wondering why my AJAX always returned an error :/
[eluser]Eric Cope[/eluser]
I also tried adding the $this->config->set_item('csrf_protection',FALSE) but it didn't work. Where did you place that?
[eluser]Ricardo Martins[/eluser]
Take a look at http://ellislab.com/forums/viewthread/182631/
[eluser]Eric Cope[/eluser]
The pre-system hook will work for me. Is there a reason the CSRF wasn't checked in the form_validation->run()? That seemed like a reasonable place for it, allowing for individual form control as well.
[eluser]roark[/eluser]
The following code worked for me: <input type="hidden" name="<?php echo $this->security->get_csrf_token_name()?>" value="<?php echo $this->security->get_csrf_hash()?>" /> Hope it helps someone!
[eluser]SDSL[/eluser]
[quote author="roark" date="1306631355"]The following code worked for me: <input type="hidden" name="<?php echo $this->security->get_csrf_token_name()?>" value="<?php echo $this->security->get_csrf_hash()?>" /> Hope it helps someone![/quote] thank you it helps but you might better Code: form_hidden($this->security->get_csrf_token_name(), $this->security->get_csrf_hash());
[eluser]Barry Cogan[/eluser]
I had to dig this up again as I noticed that opera Version 11.11 gives the same error when all other browsers work fine. I can only surmise that this has something to do with opera's strict standards. When I manually have a hidden csrf_token_name input without the self closing slash at the end all works fine. However using form_open() or form_hidden() methods generate the slash which causes “The action you have requested is not allowed.” in Opera. Not sure whether CI should upgrade to HTML 5 standards or Opera be less strict.
[eluser]pelte[/eluser]
This works: http://aymsystems.com/ajax-csrf-protecti...igniter-20
[eluser]solid9[/eluser]
Sorry also for resurrecting this thread. Okay I already enabled the, Code: $config['csrf_protection'] = TRUE; I'm curious If it is also necessary to change the values below, Code: $config['csrf_token_name'] = 'csrf_test_name'; The scenario is this I have this "Reset Password" If you enter your email the system will email you the link to the 'reset form'. So the user will be coming from his email/inbox to reset his password. So that problem really happens in this state. My other form like register etc.. works well. Any advice please. Thanks in advanced.
[eluser]solid9[/eluser]
By the way I also added this to my "Reset Password Form" Code: <?php form_hidden($this->security->get_csrf_token_name(), $this->security->get_csrf_hash()); ?> But the problem persist. |
Welcome Guest, Not a member yet? Register Sign In |