Welcome Guest, Not a member yet? Register   Sign In
How to fix error 403 when csrf enabled with ajax
#1

(This post was last modified: 01-13-2021, 01:17 PM by onebuyu.)

Hi everyone, I'm struggling to retrieve data with ajax, I enabled csrf. When I use method: 'get' I get the data, but when I use post method did not work.



PHP Code:
//my route
$routes->post('view-category''Admin\Category::show_category');

//my controller
public function __construct(){
      helper('security');
}

public function 
show_category(){
      $output['csrf_token'] = csrf_token();
      $output['csrf_hash']   csrf_hash();
      echo json_encode($output);

Code:
// javascript
function view_category(){
      let url = 'view-category';
      let csrfName = '<?= csrf_token()?>';
    let csrfHash = '<?= csrf_hash() ?>';
      $.ajax({
           url: url,
           method: 'post',
           data: {csrfName: csrfHash },
           dataType: 'json',
           success: function(data)
           {
          alert("success");
           }
      })
}
Reply
#2

I solved it by adding angle blackets "[]"to the data key like this:
Code:
data: {[csrfName]: csrfHash },
Reply
#3

(This post was last modified: 01-13-2021, 05:09 PM by iRedds.)

The browser developer tool is your best friend

You cannot use a variable as an object property name when writing code like this.
 data: {csrfName: csrfHash }  

Use like this

let data = {}
data[csrfName] = csrfHash


and than

$.ajax({ .... data : data 

Or you can send the header in the request.

let csrfHeader = '<?=csrf_header() ?>'

$.ajax({ 
url : 'some-url',
beforeSend: function(request) {
  request.setRequestHeader(csrfHeader, csrfHash);
},
data : { key : value },
....

(01-13-2021, 02:52 PM)onebuyu Wrote: I solved it by adding angle blackets "[]"to the data key like this:
Code:
data: {[csrfName]: csrfHash },

Interesting. Thx. I didn't know anything about computed properties.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB