• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
csrf protection via ajax

#1
I have 4 ajax call in a page having 4 different forms for csrf protection. But not working with ajax. Please help me out for csrf protection with more than one call of ajax in a single page.
Reply

#2
(01-12-2018, 04:03 AM)nitin.d12 Wrote: I have 4 ajax call in a page having 4 different forms for csrf protection. But not working with ajax. Please help me out for csrf protection with more than one call of ajax in a single page.

Tell me if this is the situation.

You have this in config.php
PHP Code:
$config['csrf_regenerate'] = TRUE

And the four ajax calls are "POST" requests. The first request works but the rest fail.

Right?

If so, the issue is with
PHP Code:
$config['csrf_regenerate'] = TRUE

That's the right and proper thing to do but it complicates multiple ajax calls. What happens is that every time a "POST" request is made a new csrf hash is created. You will have to return the new hash and incorporate it into your next ajax call. It also means that you will have nest the ajax calls so that the next one cannot run until the current call returns.

More advice that that will require you sharing some code.
Reply

#3
Have a look at this files:

https://github.com/natanfelles/codeignit...e.php#L155

https://github.com/natanfelles/codeignit...e.php#L123

* CI 3
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
2 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2018 MyBB Group.