CodeIgniter 3 CSRF issue with ajax call before form submit

I have a form that uses CI 3 CSRF with the following configuration:
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_token_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array();

In that form, I placed an ajax code that runs when I fill the username field to check for its existence in the database. I'm using this library js-cookie to read the token from a cookie, which will get it whether I'm using a form or not.

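$.ajax({
   cache: false,
   type: 'POST',
   data: {
       'username': username,
       // token is read from the CSRF cookie via js-cookie
       'csrf_token_name': Cookies.get('csrf_cookie_name')
   },
   url: "/check",
   success: function (response) {
       // handle the username check result
   },
   error: function () {
       // handle a failed request
   }
});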

When I load my form I see that the csrf hidden field has a value like
<input type="hidden" name="csrf_token_name" value="b9839f6455e7992c6dee529fe066dfc4" />

When I enter a username the ajax call is run and I can see that the token 'csrf_token_name' saved in the cookie is different than the value in the form. If I submit the form I get "An Error Was Encountered. The action you have requested is not allowed."
I guess the tokens are no longer the same, so is there any solution to this except turning off the csrf_regenerate?

What happens if you set $config['csrf_regenerate'] = FALSE; ?
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )

(08-14-2017, 04:21 AM)InsiteFX Wrote: What happens if you set $config['csrf_regenerate'] = FALSE; ?

I specified in my question that I want a solution to my issue without turning csrf_regenerate off, otherwise there is no point in using csrf protection. Is the issue a problem in the CI 3 framework itself?

From my post: " is there any solution to this except turning off the csrf_regenerate"
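The mismatch described in this thread, as an added example that is not part of any post and not CodeIgniter's own code: a constructed model in which the server compares the posted field with the cookie and rotates the cookie after every POST (an assumption standing in for csrf_regenerate = TRUE). It shows the stale hidden field being rejected and the field re-synced from the cookie being accepted; all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

const newToken = () => crypto.randomBytes(16).toString('hex');

// Constant-time comparison of the posted field against the cookie value.
function tokensMatch(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  return crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));
}

// Constructed server model: validate, then rotate the cookie (Set-Cookie)
// on every POST, as the thread observes with csrf_regenerate = TRUE.
function handlePost(browser, postedToken) {
  const valid = tokensMatch(postedToken, browser.cookie);
  browser.cookie = newToken();
  return valid;
}

// Page load: the cookie and the form's hidden input start with the same token.
function loadForm() {
  const token = newToken();
  return { cookie: token, hiddenField: token };
}

// The AJAX username check: the token is read from the cookie, so it passes,
// but the response rotates the cookie and leaves the hidden input stale.
function ajaxCheck(browser, syncField) {
  const ok = handlePost(browser, browser.cookie);
  // Mitigation: copy the rotated cookie into the hidden input, in the browser
  // e.g. $('input[name="csrf_token_name"]').val(Cookies.get('csrf_cookie_name'))
  if (syncField) browser.hiddenField = browser.cookie;
  return ok;
}

// Normal form submit: sends whatever the hidden input currently holds.
function submitForm(browser) {
  return handlePost(browser, browser.hiddenField);
}

function scenario(syncField) {
  const browser = loadForm();
  const ajaxOk = ajaxCheck(browser, syncField);
  const formOk = submitForm(browser);
  return { ajaxOk, formOk };
}

console.log('no sync:  ', scenario(false));
console.log('with sync:', scenario(true));
```

With the sync step in the AJAX success handler, regeneration stays enabled and the form still submits the current token.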
