• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How to fix error 403 when csrf enabled with ajax

#1
Hi everyone, I'm struggling to retrieve data with ajax, I enabled csrf. When I use method: 'get' I get the data, but when I use post method did not work.



PHP Code:
//my route
$routes->post('view-category''Admin\Category::show_category');

//my controller
public function __construct(){
      helper('security');
}

public function 
show_category(){
      $output['csrf_token'] = csrf_token();
      $output['csrf_hash']   csrf_hash();
      echo json_encode($output);

Code:
// javascript
function view_category(){
      let url = 'view-category';
      let csrfName = '<?= csrf_token()?>';
    let csrfHash = '<?= csrf_hash() ?>';
      $.ajax({
           url: url,
           method: 'post',
           data: {csrfName: csrfHash },
           dataType: 'json',
           success: function(data)
           {
          alert("success");
           }
      })
}
Reply

#2
I solved it by adding angle blackets "[]"to the data key like this:
Code:
data: {[csrfName]: csrfHash },
Reply

#3
The browser developer tool is your best friend

You cannot use a variable as an object property name when writing code like this.
 data: {csrfName: csrfHash }  

Use like this

let data = {}
data[csrfName] = csrfHash


and than

$.ajax({ .... data : data 

Or you can send the header in the request.

let csrfHeader = '<?=csrf_header() ?>'

$.ajax({ 
url : 'some-url',
beforeSend: function(request) {
  request.setRequestHeader(csrfHeader, csrfHash);
},
data : { key : value },
....

(01-13-2021, 02:52 PM)onebuyu Wrote: I solved it by adding angle blackets "[]"to the data key like this:
Code:
data: {[csrfName]: csrfHash },

Interesting. Thx. I didn't know anything about computed properties.
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.