CI 2: "The action you have requested is not allowed."
#11

[eluser]rebellion[/eluser]
Thank you so very very much! Been wondering why my AJAX always returned an error :/
#12

[eluser]Eric Cope[/eluser]
I also tried adding the $this->config->set_item('csrf_protection',FALSE) but it didn't work. Where did you place that?
#13

[eluser]Ricardo Martins[/eluser]
Take a look at http://ellislab.com/forums/viewthread/182631/
#14

[eluser]Eric Cope[/eluser]
The pre-system hook will work for me. Is there a reason the CSRF wasn't checked in the form_validation->run()? That seemed like a reasonable place for it, allowing for individual form control as well.
#15

[eluser]roark[/eluser]
The following code worked for me:

<input type="hidden" name="<?php echo $this->security->get_csrf_token_name()?>" value="<?php echo $this->security->get_csrf_hash()?>" />

Hope it helps someone!
#16

[eluser]SDSL[/eluser]
[quote author="roark" date="1306631355"]The following code worked for me:

<input type="hidden" name="<?php echo $this->security->get_csrf_token_name()?>" value="<?php echo $this->security->get_csrf_hash()?>" />

Hope it helps someone![/quote]

Thank you, it helps.

But you might do better with:
Code:
form_hidden($this->security->get_csrf_token_name(), $this->security->get_csrf_hash());
#17

[eluser]Barry Cogan[/eluser]
I had to dig this up again as I noticed that Opera version 11.11 gives the same error when all other browsers work fine.

I can only surmise that this has something to do with Opera's strict standards.

When I manually have a hidden csrf_token_name input without the self-closing slash at the end, all works fine.

However, using the form_open() or form_hidden() methods generates the slash, which causes “The action you have requested is not allowed.” in Opera.

Not sure whether CI should upgrade to HTML 5 standards or Opera be less strict.
#18

[eluser]pelte[/eluser]
This works: http://aymsystems.com/ajax-csrf-protecti...igniter-20
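For the AJAX case raised in this thread, an added example (not code from any post here or from the linked article) of sending the token with a POST. It assumes CodeIgniter 2 compares the posted token field with the CSRF cookie, that the cookie is readable from JavaScript, and it uses the default names quoted in this thread; the endpoint and field names are placeholders.

```javascript
// Added example: names mirror the config values quoted in this thread.
const CSRF_TOKEN_NAME = 'csrf_test_name';    // $config['csrf_token_name']
const CSRF_COOKIE_NAME = 'csrf_cookie_name'; // $config['csrf_cookie_name']

// Return the value of one cookie from a "k=v; k2=v2" string, or null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build a form-encoded POST body that carries the CSRF token field.
// cookiePrefix corresponds to $config['cookie_prefix'] (empty by default).
// Throws when the cookie is missing, since the POST would be rejected anyway.
function buildCsrfPostBody(fields, cookieString, cookiePrefix = '') {
  const token = readCookie(cookieString, cookiePrefix + CSRF_COOKIE_NAME);
  if (!token) {
    throw new Error('CSRF cookie not set: load a page with a GET first');
  }
  const params = new URLSearchParams();
  for (const [key, value] of Object.entries(fields)) {
    // Drop any caller-supplied token so only the cookie value is sent.
    if (key !== CSRF_TOKEN_NAME) params.append(key, value);
  }
  params.append(CSRF_TOKEN_NAME, token);
  return params.toString();
}

// Hypothetical browser usage (placeholder endpoint):
// fetch('/account/update', {
//   method: 'POST',
//   credentials: 'same-origin',
//   headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
//   body: buildCsrfPostBody({ email: 'a@example.com' }, document.cookie),
// });
```

If `$config['csrf_token_name']` or `$config['csrf_cookie_name']` is changed on the server, the two constants at the top must be changed to match.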
#19

[eluser]solid9[/eluser]
Sorry also for resurrecting this thread.

Okay I already enabled the,
Code:
$config['csrf_protection'] = TRUE;

I'm curious if it is also necessary to change the values below,
Code:
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
especially the csrf_token_name?

The scenario is this: I have this "Reset Password"
If you enter your email the system will email you the link
to the 'reset form'.

So the user will be coming from his email/inbox to reset his password.
So that problem really happens in this state.

My other form like register etc.. works well.
Any advice please.

Thanks in advance.
#20

[eluser]solid9[/eluser]
By the way I also added this to my "Reset Password Form"
Code:
<?php form_hidden($this->security->get_csrf_token_name(), $this->security->get_csrf_hash()); ?>

But the problem persists.




