• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[resolved] CSRF issue when ajax functions and normal forms are used on the same page

#1
Bug 
Hello everyone !

I've got a problem with csrf reloads that break my mind :
I've got ajax-functions (for exemple an input field that updates a database) and form-submit-buttons (for exemple a button that delete a line in a database) on the same page... 

- my ajax functions work very well when I click only on them (csrf hash changes each time ajax is called)
- my simple forms/submit-buttons work very well also when I click only on them (csrf hash changes each time the page refreshes)

But when I mix them: if I call ajax functions and then a simple form, I always have to click two time on my submit buttons so that my action is applied, although csrf number change all the time...

I don't know how to resolve this issue because I don't even understand what could be the problem... !  Confused
If someone has an idea...  Idea
Reply

#2
You can try this.

How to Send AJAX request with CSRF token in CodeIgniter 4
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#3
(10-01-2020, 12:39 PM)InsiteFX Wrote: You can try this.

How to Send AJAX request with CSRF token in CodeIgniter 4

Thank you, but as I said, I've already succeeded in sending AJAX request with CSRF token... My problem comes when I did an Ajax request and then want to submit a traditional form (that I do with the function form_open()... So there is also a CSRF token...) : I necessary have to reload the page so that the form works...
Reply

#4
The Ajax is most likely taking the focus away from the page try to put the focus back on the
page using JavaScript.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#5
I'm not sure but I think it didn't work. It's always like this :

1- I enter in my input (text) and take the focus
2- I type some text that making ajax request and updating my database
3- If I click then on a submit button (without ajax but also with CSRF), it reloads the page without making the action...
4- I have to re-click on the submit button so that the form works. (It is as if an ajax call with CSRF on CI4 desactivates traditional form)

I've tried to make a focus on an element of my page when I focusout the inputs... ( $(window).focus(); $('body').focus(); ) without success.
Reply

#6
Try to set the focus on the body of the page (body) or (html).

You could also try to set the focus on the form itself.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#7
I think CSRF only generate new for very submit POST or Ajax POST.
If submit GET or Ajax GET, CSRF = last generate and can get it from cookie

When you ajax post, CSRF will generate new and different with current CSRF, so you need update current CSRF with new.

Learning CI4 from my works, from errors and how to fix bugs in the community

Love CI & Thanks CI Teams

Reply

#8
Ok... I've finally found it ! It was not a question of focus...

When we use the function form_open(), CI4 automatically creates an hidden file with CSRF tokens... So you just need to update the hidden input with current CSRF coming from ajax. I did something like : $("input[name='csrf_token']").val(csrf);

Thank you anyway for the help :-)
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.