csrf_token works in one page but not in other

#1
I have two pages in the same CodeIgniter 3 project, each with a controller and a child view, but using the same template.

These two pages have identical controllers and child views (just for testing, because in the real case they really have the same behaviour and code).
Page 1 : http://localhost/project-name/register-page1/form/
Page 2 : http://localhost/project-name/register-page2/form/

On page 1, ajax with csrf_token() works without a problem, but with the same code on page 2 it didn't work and said 403 Forbidden when accessing a method from an ajax request.

I don't know why my code is working on page1 but not working on page2, with error 403 Forbidden. Please help me...

Code:
POST http://localhost/project-name/register-page2/getKabupatenByProvinceName 403 (Forbidden)


The config.php settings:

PHP Code:
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_platform';
$config['csrf_cookie_name'] = 'csrf_cookie_platform';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array(); 


register-page1 and register-page2 ajax controller
PHP Code:
public function getKabupatenByProvinceName()
    {
        // 'name' is read from POST with XSS filtering enabled (second argument TRUE)
        $province_name = $this->input->post('name', TRUE);
        $province_data = $this->Province_model->getProvinceByName($province_name)->row();
        $data = $this->Province_model->getRegencyByProvinceId($province_data->id)->result();
        echo json_encode($data);
    }

register-page1 and register-page2 ajax request on view
Code:
$('#provinsi').change(function() {
            var csrfName = '<?php echo $this->security->get_csrf_token_name(); ?>';
            var csrfHash = get_token();
            $('#kabupaten_kota' + '_loading').html('<i class="fa fa-spinner fa-spin" style="font-size:16px"></i> Loading');
            var name = $(this).val();
            $.ajax({
                url: window.location.origin + "/umi-pnm/register/getKabupatenByProvinceName",
                method: "POST",
                data: {
                    name: name,
                    [csrfName]: csrfHash
                },
                async: true,
                dataType: 'json',
                success: function(data) {
                    refill_token();
                    var html = '';
                    var i;
                    html += '<option value="" disabled selected>-- Pilih Kabupaten --</option>';
                    for (i = 0; i < data.length; i++) {
                        html += '<option value="' + toTitleCase(data[i].name) + '">' + toTitleCase(data[i].name) + '</option>';
                    }
                    $('#kabupaten_kota').html(html);
                    $('#kabupaten_kota' + '_loading').html('');
                }
            });
            return false;
        });

register-page1 and register-page2 ajax function to get and refill csrf_token
Code:
function get_token() {
            var respon;
            $.ajax({
                type: 'GET',
                async: false,
                url: window.location.origin + "/umi-pnm/register/regenerate_csrf_token",
                dataType: "html",
                success: function(data) {
                    respon = data;
                }
            });

            return respon;
        }

Code:
function refill_token() {
            var respon;
            $.ajax({
                type: 'GET',
                async: false,
                url: window.location.origin + "/umi-pnm/register/regenerate_csrf_token",
                dataType: "html",
                success: function(data) {
                    respon = data;
                }
            });
            var els = document.getElementsByName('<?php echo $this->security->get_csrf_token_name(); ?>');
            // console.log(els.length);
            for (var i = 0; i < els.length; i++) {
                els[i].value = respon;
            }
        }

#2
Read this:

Regenerate CRSF token codeigniter on submit Ajax
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
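
As an added example (not code from this thread or from CodeIgniter itself), the sketch below models how a CodeIgniter 3 style CSRF check behaves with the `csrf_regenerate = TRUE` setting posted above: every accepted POST replaces the token, so a cached value gets 403 on the next POST while a value re-read from the cookie is accepted. `handleRequest`, `tokenFromCookieString`, `toCookieString` and `demo` are hypothetical names, and the model assumes the CSRF cookie is readable by script (not HttpOnly) and that no cookie prefix is configured.

```javascript
// Simplified model of a CodeIgniter 3 style CSRF check; added example, not framework code.
const crypto = require('crypto');

const CONFIG = {                       // values taken from the config.php in the post
  csrf_token_name: 'csrf_platform',
  csrf_cookie_name: 'csrf_cookie_platform',
  csrf_regenerate: true,
};

const newToken = () => crypto.randomBytes(16).toString('hex');

// Server side. `cookies` is one browser's cookie jar, updated in place.
function handleRequest(method, post, cookies) {
  const name = CONFIG.csrf_cookie_name;
  if (method !== 'POST') {             // non-POST: only make sure the cookie exists
    if (!cookies[name]) cookies[name] = newToken();
    return 200;
  }
  const sent = post[CONFIG.csrf_token_name];
  if (typeof sent !== 'string' || !cookies[name]) return 403;
  const a = Buffer.from(sent), b = Buffer.from(cookies[name]);
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return 403;
  if (CONFIG.csrf_regenerate) cookies[name] = newToken();   // token is now spent
  return 200;
}

// Client side: pull the current token out of a document.cookie style string.
function tokenFromCookieString(cookieString) {
  for (const part of cookieString.split(';')) {
    const [k, ...v] = part.trim().split('=');
    if (k === CONFIG.csrf_cookie_name) return decodeURIComponent(v.join('='));
  }
  return null;
}

const toCookieString = (jar) =>
  Object.entries(jar).map(([k, v]) => `${k}=${v}`).join('; ');

// Constructed scenario: page load, then three AJAX POSTs from the same browser.
function demo() {
  const jar = {};
  handleRequest('GET', {}, jar);                               // page load sets the cookie
  const cached = tokenFromCookieString(toCookieString(jar));   // token read once and kept
  const first = handleRequest('POST', { csrf_platform: cached, name: 'x' }, jar);
  const stale = handleRequest('POST', { csrf_platform: cached, name: 'x' }, jar);
  const current = tokenFromCookieString(toCookieString(jar));  // re-read before sending
  const fresh = handleRequest('POST', { csrf_platform: current, name: 'x' }, jar);
  return { first, stale, fresh };
}
```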