Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help Ajax request and regenerate csrf
Ajax request and regenerate csrf
  • Offline pippuccio76
    Senior Member
  • ****
  • Posts: 263
    Threads: 118
    Joined: Jun 2017
    Reputation: 0
#1
07-23-2017, 06:51 AM
(This post was last modified: 07-24-2017, 04:00 AM by pippuccio76.)

hi , sorry for english , i must get some value from a db to populate a select .

 this is my js code :


Code:
<script>

$(document).ready(function() {
 $("#regione_id").change(function(){
   
   $("#comune_id").html('<option value="" selected="selected">-- seleziona --</option>');
   
   var regione_id = $("#regione_id").val();
   var csrfName = '<?php echo $this->security->get_csrf_token_name(); ?>';
   var csrfHash = '<?php echo $this->security->get_csrf_hash(); ?>';

   console.log(regione_id);
   $.ajax({
     type: "POST",
     url: "<?php echo site_url(); ?>/user/get_province",
     data: {
        csrfName:csrfHash,
        regione:regione_id
     },  
     
     dataType: "html",
     success: function(msg)
     {  
 
            
       $("#province_id").html(msg);
     },
     error: function()
     {
       alert("Chiamata fallita, si prega di riprovare...");
     }
   });
 });

this is the controller :

Code:
function get_province(){
            
            $data = array('data'=> 'data to send back to browser');
            $csrf =  $this->security->get_csrf_hash();
            $this->output
                  ->set_content_type('application/json')
                  ->set_output(json_encode(array('data' => $data, 'csrf' => $csrf)));
         
        return  $this->user_model->get_province();
       
     }

If i have only one call it work otherwise i have error 403 .

I can solve it by set $config['csrf_regenerate'] to  FALSE but is it secure ?
Reply
  • Offline spjonez
    Member
  • ***
  • Posts: 215
    Threads: 16
    Joined: Oct 2014
    Reputation: 10
#2
07-24-2017, 10:19 AM

If you don't need to support concurrent requests pass the new CSRF token back from CI and into your success callback and set it to a variable in JavaScript. Pass the value of your JS variable on each request.

If you do require concurrent requests set regenerate to false. Another option is to use a queue to ensure only a single request fires at any given time.
Reply
  • Offline pippuccio76
    Senior Member
  • ****
  • Posts: 263
    Threads: 118
    Joined: Jun 2017
    Reputation: 0
#3
07-24-2017, 12:45 PM

(07-24-2017, 10:19 AM)spjonez Wrote: If you don't need to support concurrent requests pass the new CSRF token back from CI and into your success callback and set it to a variable in JavaScript. Pass the value of your JS variable on each request.

If you do require concurrent requests set regenerate to false. Another option is to use a queue to ensure only a single request fires at any given time.

This is a registration form , i must populate 3 select , the first populate the second and the second the tird . can i set regenerate to false ? But if i set false is false for every part of site?
Is it secure?
Reply




Theme © iAndrew 2016 - Forum software by © MyBB