• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Setting csrf_regenerate as TRUE

#11
Thanks Martin for your help. I am posting the solution in case someone needs it:

PHP Code:
$('#department_id').change(function() {

 
   var department_id=$("#department_id").val();
 
   var domain=$("#domain").val(); 
 
           
    
$.ajax({
 
       'async'true,
 
       'type'"POST",
 
               urldomain "index.php/project/get_scheme",
 
               data: {department_iddepartment_idcsrf_test_namecsfrData.csrf_test_name},
 
               dataType'json',
 
               success
 
               function(j){
            
                 
 setCSRF(j.csrfTokenNamej.csrfTokenHash);

                 
 if(j.schemes.length >= 2) {
                    var 
options '';
                    for (var 
0<= (j.schemes.length-1); i++) {
                            
options += '<option value="' j.schemes[i].id '">' j.schemes[i].name '</option>';
                    }
                    $(
"#scheme_id").html(options);
                    $(
'#scheme_id option:first').prop('selected''selected');
                 
 }
                 
 else if (j.schemes.length == 1){
             
                 
  options += '<option value="' j.schemes[0].id '">' '------------------------------------' '</option>';
                    $(
"#scheme_id").html(options);
                    $(
'#scheme_id option:first').prop('selected''selected');
                 
 }
                 
 else{
                    $(
"#scheme_id").val(j.schemes[1].id);alert(j.schemes.length);
                 
              
            
}
 
         });
 
 
   
}); 

Like this, other drop-down boxes are filled up through ajax call. 

Now when I try to submit the form, again "Action you have requested is not allowed" message comes up. The hidden csrf field generated by form_open doesnt get updated with the latest csrf token value.
Reply

#12
(07-31-2017, 12:19 AM)june123 Wrote: Like this, other drop-down boxes are filled up through ajax call. 

Now when I try to submit the form, again "Action you have requested is not allowed" message comes up. The hidden csrf field generated by form_open doesnt get updated with the latest csrf token value.

Just like with the AJAX call you will need to update the CSRF token field and value with the latest CSRF.
You can append a hidden field with the new value, and remove the old one when you hit the submit button
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.