Codeignitor 3 CSRF issue with ajax call before form submit |
I have a form that uses CI 3 CSRF with the following configuration:
Code: $config['csrf_protection'] = TRUE; In that form, I placed an ajax code that runs when I fill the username filed to check for its existance in the database. I'm using this library js-cookie to read the token from a cookie which will get it either I'm using a form or not. Code: $.ajax({ When I load my form I see that the csrf hidden field has a value like Code: <input type="hidden" name="csrf_token_name" value="b9839f6455e7992c6dee529fe066dfc4" /> When I enter a username the ajax call is run and I can see that the token 'csrf_token_name' saved in the cookie is different than the value in the form. If I submit the form I get "An Error Was Encountered. The action you have requested is not allowed." I guess the tokens are no longer the same so is there any solution to this except turning off the csrf_regenerate ? Thanks.
What happens if you set $config['csrf_regenerate'] = FALSE; ?
What did you Try? What did you Get? What did you Expect?
Joined CodeIgniter Community 2009. ( Skype: insitfx )
(08-14-2017, 04:21 AM)InsiteFX Wrote: What happens if you set $config['csrf_regenerate'] = FALSE; ? I specified in my question that I want a folution to my issue without turning csrf_regenerate to off otherwize there is no point in using csrf protection. Is the issue a problem in the CI 3 framwork itself? From my post: " is there any solution to this except turning off the csrf_regenerate" |
Welcome Guest, Not a member yet? Register Sign In |