• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Ajax call results in 403 Forbidden error

#1
When I try to receive some data (non-cross-domain) by using ajax on a controller/method the result is always 403 Forbidden. I am able to access that page myself from within my browser without any problems.

I've tried a lot of different things like trying to send post data or using a different browser. I've also removed the 'No direct script access allowed' but it gives me the same result.

By using various search engines Big Grin I came up with some similar problems. But none of them had a clear answer to the problem. I'd like to hear what I'm doing wrong or if it is a CI-bug. I am using 3.x development and I am aware of the bugs and/or problems it might have.
Reply

#2
(12-31-2014, 04:45 PM)RubenPortier Wrote: When I try to receive some data (non-cross-domain) by using ajax on a controller/method the result is always 403 Forbidden. I am able to access that page myself from within my browser without any problems.

I've tried a lot of different things like trying to send post data or using a different browser. I've also removed the 'No direct script access allowed' but it gives me the same result.

By using various search engines Big Grin I came up with some similar problems. But none of them had a clear answer to the problem. I'd like to hear what I'm doing wrong or if it is a CI-bug. I am using 3.x development and I am aware of the bugs and/or problems it might have.

I am very sorry to say that I maybe was a bit too fast. I have now found a solution to this problem! As it appears to be the CI csrf protection. I enabled it to make sure Cross Site Request Forgery is not possible. However, this will throw a 403 forbidden error to Ajax-requests. CI was so kind to have a csrf_exclude_uris configuration parameter. This allows you to set specific uri's to be not protected by csrf.

EDIT:

I still have another problem which many of the CI users experience. When using Ajax-requests, after a while the session in the database gets lost (it's just empty). This is a bug in CI where it wants to update the session (because else it should expire) but it cannot put the data into the database because of the Ajax-request.

I know that I could create a MY_Session extending the CI_Session to prevent the update when an Ajax-request is made ($this->input->is_ajax_request()). But I wonder if there is a better solution or if there is a fix in progress on this.

Thanks again for reading!
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.