Welcome Guest, Not a member yet? Register   Sign In
I have a problem with ajax and csrf - The action you requested is not allowed.
#1

(This post was last modified: 09-01-2021, 12:40 PM by Secux.)

Hello,
I have a problem with ajax and csrf. -
this is my code:
view:
Code:
<script>
$('#view').html('<i class="fa fa-spinner fa-spin  text_primary"></i>');
$.ajax({
url: "https://site.com/api/view",
type: "POST",
contentType: "application/json",
headers: {'X-Requested-With': 'XMLHttpRequest'},
data: {'<?= csrf_token() ?>':'<?= csrf_hash() ?>'},
cache: false,
success: function(data){
$('#view').html(data);
/* $.each(data, function(i,data){
json_data = '<tr>'+
'<td valign="top">'+
'<div class="feed_title">'+data.name+'</div>'+

'</td>'+
'</tr>';
$(json_data).appendTo('#view');
});*/
},error: function(xhr, status, error){
alert(xhr.responseText);

    }
           
});</script><script><script>


controller:
PHP Code:
public function view() {
 
        if ($this->request->getMethod() == 'post') {
 if (
$this->Session->get('id') != NULL) {
 
$data $this->Resume->where('userID'session()->get('id'))->orderBy('fromY''asc')->findAll();
 
$response[] = array('status'  => '200');
 foreach(
$data as $row)
 {
 
$response[] = array(
 
"id" => $row['userID'],
"name" => $row['name'],
 );

 }

 } else {
 
$response = [
 
'status'  => '201',
 
'error'    => 'No Data Found'
 
];
              
 
}
 
 } else {

 
$response = [
 
'status'  => '201',
 
'error'    => 'Request not allowed'
 
];
 
 } 
 
 return 
$this->response->setJSON($response);
 } 

error:

Code:
{
    "title": "CodeIgniter\\Security\\Exceptions\\SecurityException",
    "type": "CodeIgniter\\Security\\Exceptions\\SecurityException",
    "code": 403,
    "message": "The action you requested is not allowed.",
    "file": "/home/X/system/Security/Security.php",
    "line": 240,
    "trace": [
        {
            "file": "/home/X/system/Security/Security.php",
            "line": 240,
            "function": "forDisallowedAction",
            "class": "CodeIgniter\\Security\\Exceptions\\SecurityException",
            "type": "::"
        },
        {
            "file": "/home/X/system/Filters/CSRF.php",
            "line": 57,
            "function": "verify",
            "class": "CodeIgniter\\Security\\Security",
            "type": "->"
        },
        {
            "file": "/home/X/system/Filters/Filters.php",
            "line": 181,
            "function": "before",
            "class": "CodeIgniter\\Filters\\CSRF",
            "type": "->"
        },
        {
            "file": "/home/X/system/CodeIgniter.php",
            "line": 407,
            "function": "run",
            "class": "CodeIgniter\\Filters\\Filters",
            "type": "->"
        },
        {
            "file": "/home/X/system/CodeIgniter.php",
            "line": 336,
            "function": "handleRequest",
            "class": "CodeIgniter\\CodeIgniter",
            "type": "->"
        },
        {
            "file": "/home/X/public_html/index.php",
            "line": 36,
            "function": "run",
            "class": "CodeIgniter\\CodeIgniter",
            "type": "->"
        }
    ]
}
Reply
#2

You are not sending JSON, but a key = value pair
You need to convert JS object to JSON
Code:
data : JSON.stringify({'<?= csrf_token() ?>':'<?= csrf_hash() ?>'}),
Reply




Theme © iAndrew 2016 - Forum software by © MyBB