Need Help with CSRF
#1

[eluser]vincej[/eluser]
Hi - I have the CSRF module turned on. I have a page which makes use of a Scriptaculous function:

Code:
var ajax = new Ajax.Updater(
    'ajax_msg','http://localhost/mysite/index.php/welcome/ajax_cart', {method:'post',parameters:params,'csrf_clftoken':cct,onComplete:showMessage}
    );

Using js alert messages I have managed to establish that the js runs right up to the point where the Ajax.Updater is called.

The code fails at the call. It is not getting to "welcome/ajax_cart" - again I have established this with die() calls.

I capture the CSRF token earlier in the js code with:

Code:
var cct = document.getElementsByName("csrf_clftoken")[0].value;

When I run the code I get the classic error message: "An Error Has Been Encountered - The Action You Have Requested is Not Allowed".

So, my conclusion is that it is failing in the bit: {method:'post',parameters:params,'csrf_clftoken':cct,onComplete:showMessage}
);

Can anyone offer me any advice on what to do next to get the csrf_token to work in this call ?

Many thanks !!
#2

[eluser]jonez[/eluser]
If params is the data you are posting, the CSRF token needs to be a key on that object.
#3

[eluser]vincej[/eluser]
Hey, thanks jonez ... can you elaborate a little on your answer? I don't really understand what you are telling me.

cheers !
#4

[eluser]jonez[/eluser]
Code:
{method:'post',parameters:params,'csrf_clftoken':cct,onComplete:showMessage}
In this line you are sending a post over AJAX; the post data being sent is params. Your CSRF token is not part of the data being sent; you just added it as an additional parameter after the data parameter.

I've never used that script but I'm assuming it should be this:
Code:
params.csrf_clftoken = cct;

var ajax = new Ajax.Updater(
    'ajax_msg','http://localhost/mysite/index.php/welcome/ajax_cart', {method:'post',parameters:params,onComplete:showMessage}
);
#5

[eluser]vincej[/eluser]
Hey Jonez - you are absolutely correct - that's how the original script, without the csrf, is constructed. However I am terrible at Javascript. This is the complete js function:

Code:
function jsUpdateCart(){
  var cct = document.getElementsByName("csrf_clftoken")[0].value;
  var parameter_string = '';
  allNodes = document.getElementsByClassName("process");
  for(i = 0; i < allNodes.length; i++) {
    var tempid = allNodes[i].id;
    var temp = new Array;
    temp = tempid.split("_");
    var real_id = temp[2];
    var real_value = allNodes[i].value;
    parameter_string += real_id +':'+real_value+',' + cct;
  }

  var params = 'ids='+parameter_string;
  var ajax = new Ajax.Updater(
    'ajax_msg','http://localhost/mysite/index.php/welcome/ajax_cart', {method:'post',parameters:params,onComplete:showMessage}
  );
}


So, I need to add the var cct to the parameters. I tried concatenating the cct to the parameter string without success.

Code:
parameter_string += real_id +':'+real_value+',' + cct;


So how do I get the cct var to pass to the url through the params?

Sorry I am being such an idiot.

thanks !
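
What jonez describes in post #4, applied to the string-valued params of post #5, as an added example that is not part of the original thread: the token is sent as its own form field instead of being glued into the ids value. The item values, the token and the server-side model (parseFormBody, csrfCheckPasses) are constructed assumptions.

```javascript
// Added example, not code from the thread. Sample values are constructed.
const TOKEN_NAME = 'csrf_clftoken'; // hidden-field name used in the thread

// Shape from post #5: the token is concatenated into the value of "ids",
// so the POST body contains no field named csrf_clftoken at all.
function buildBodyBroken(items, token) {
  let s = '';
  for (const it of items) s += it.id + ':' + it.value + ',' + token;
  return 'ids=' + s;
}

// Corrected shape: the token is a separate, URL-encoded field next to "ids".
function buildBodyFixed(items, token) {
  const ids = items.map(it => it.id + ':' + it.value).join(',');
  return 'ids=' + encodeURIComponent(ids) + '&' +
         encodeURIComponent(TOKEN_NAME) + '=' + encodeURIComponent(token);
}

// Assumed model of the server side: decode the form body into fields.
function parseFormBody(body) {
  const fields = {};
  for (const pair of body.split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const k = eq < 0 ? pair : pair.slice(0, eq);
    const v = eq < 0 ? '' : pair.slice(eq + 1);
    fields[decodeURIComponent(k.replace(/\+/g, ' '))] =
      decodeURIComponent(v.replace(/\+/g, ' '));
  }
  return fields;
}

// Assumed check: accept only if a field named TOKEN_NAME equals the token.
function csrfCheckPasses(body, expectedToken) {
  const fields = parseFormBody(body);
  return Object.prototype.hasOwnProperty.call(fields, TOKEN_NAME) &&
         fields[TOKEN_NAME] === expectedToken;
}

const items = [{ id: '12', value: '3' }, { id: '40', value: '1' }]; // constructed
const token = 'a1b2c3d4e5f6+/=';                                    // constructed
console.log('broken body passes:', csrfCheckPasses(buildBodyBroken(items, token), token));
console.log('fixed body passes: ', csrfCheckPasses(buildBodyFixed(items, token), token));
```

The string returned by buildBodyFixed is what would go into the `parameters` option of the Ajax.Updater call in place of `params`.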
#6

[eluser]vincej[/eluser]
Ok - got it.

Still can't get CSRF to work though.

What I do not understand is that after the AJAX call is executed the page gets reloaded. If I look at the source of that reloaded page, I can see the CSRF token in the page.

Despite that, I still get the error: "An error has occurred, The action you have requested is not allowed"

Any ideas what I am doing wrong ?

Thanks !