Another CSFR question |
[eluser]keld[/eluser]
Hi, I've enabled CSFR in my config file and after realizing that all my POST from jqeury stopped working I searched the forum and found this helpful link: http://ericlbarnes.com/blog/post/codeign..._with_ajax The only issue is that it is still not working. If I look at my cookies in firefox I see the csrf_token_myname cookie but there are no csrf_cookie_myname so in jquery when I have: Code: ... I'm wondering why on Eric Barnes blog he's assigning the cookie to the token and why it is still not working on my site. Any help is appreciated, thanks!
[eluser]bubbafoley[/eluser]
I'm pretty sure that there is only 1 CSRF cookie. Is csrf_cookie_name set to 'csrf_cookie_mysite' in your config? Here's my config Code: $config['csrf_protection'] = TRUE; I'm only seeing 1 cookie in Firefox http://d.pr/yNYX
[eluser]keld[/eluser]
My config file looks like this: Code: $config['csrf_protection'] = TRUE; and when I do view cookies in Firefox I only see 4 cookies: PHPSESSID csrf_token_mysite fbs_135056496568211 (the facebook connect cookie I believe) mysite_cookie (cookie i created for users) That's all, no csfr_cookie unforunately....
[eluser]InsiteFX[/eluser]
Opps just saw that you already read this! CodeIgniter CSRF Protection With Ajax - by Eric Barnes Your using base_url were Eric uses site_url. Code: url: base_url+"mycontroller/myfunction", InsiteFX
[eluser]keld[/eluser]
Hi InsiteFX, yes Eric is using site_url but I'm using base_url for mine. I know it's working as I'm using this accross my entire site and as soon as I turn off CSRF in config.php, the ajax post works.
[eluser]InsiteFX[/eluser]
If your using jQuery 1.5 I belive read on the forums here that there was a bug that was stopping it from working, they had a fix for it. But I am not sure if thats your problem. I'll look around and see what I can come up with. Found this also InsiteFX
[eluser]ELRafael[/eluser]
I have a search form using GET instead POST. Maybe this can help you out. Code: $('form#your_form_id').submit(function(e) { Look the token var Code: token = $('input[name="ci_csrf_token"]').val(); I'm using JQuery, 1.5 (i guess :-S ) The method site->encode_string is something like that: Code: $return = array();
[eluser]keld[/eluser]
Hmmmm I still can't it to work, this is what I have in my js: Code: $('div#star-rating div.rate_widget').each(function(i) { and my controller: Code: if(is_ajax()) The console give me a 500 server error even before entering the controller, it gets stuck in the post in my js file.
[eluser]ELRafael[/eluser]
IMHO Don't use $.cookie Try to fetch the token with var token : $('input[name="csrf_token_mysite"]').val(); "unless the $.cookie is ok" And try to alert the vars alert(token) and so. Do you use Firebug? It's a big friend :-) Try to simplify your procedure, step by step. i'm telling this cuz in a first moment everything seems ok. without see your HTML, it's a little hard to figure out where is the problem. try pastebin
[eluser]keld[/eluser]
Yes I use firebug, firephp and all When I echo out the vars everything looks fine, even the token value is correct but it doesn't run the POST, it goes straight to the 'error' part and displays "Error parsing data. Try again later." error message. As soon as I turn off csrf, everything works fine again. Does it matter if I'm on localhost? it should I guess. |
Welcome Guest, Not a member yet? Register Sign In |