Ajax CSRF 403 禁止代码点火器
Ajax CSRF 403 forbidden codeigniter
你好,我正在调用控制器以在我的基于 codeigniter 的应用程序中使用 AJAX 获取部分,该应用程序启用了 CSRF
我的ajax代码
$('#classes').change(function(){
$classes=$(this).val();
$.ajax({
type:"POST",
data:{
'<?php echo $this->security->get_csrf_token_name(); ?>' : '<?php echo $this->security->get_csrf_hash(); ?>',
'class':$classes
},
url:"<?php echo base_url();?>index.php/admin/getsection/"+$classes,
success:function(return_data)
{
//alert(return_data);
$('#section').html('');
$('#section').html(return_data);
$('#section').val(section);
}
});
当我第一次调用ajax函数时,它会运行完美。但是当我再次运行相同的功能时,它会return 403 forbidden error.
请指教我的做法
来自the docs:
Tokens may be either regenerated on every submission (default) or kept the same throughout the life of the CSRF cookie. The default regeneration of tokens provides stricter security, but may result in usability concerns as other tokens become invalid (back/forward navigation, multiple tabs/windows, asynchronous actions, etc). You may alter this behavior by editing the following config parameter
$config['csrf_regenerate'] = TRUE;
将其设置为 FALSE。
ur controller should be like this
function reply(){
$insert = $this->Message_model->send_message2();
$csrf = $this->security->get_csrf_hash();
if($this->input->is_ajax_request())
{
header("Content-type: application/json; charset=utf-8");
echo json_encode(array("data" => $insert,'csrf'=> $csrf));
}
ur jquery should be this way
var token = data.csrf;
$.ajax({
url: '/next/ajax/request/url',
type: 'POST',
data: { new_data: 'new data to send via post', csrf_token:token },
cache: false,
success: function(data, textStatus, jqXHR) {
// Get new csrf token for next ajax post
var new_csrf_token = data.csrf
//Do something with data returned from post request
},
error: function(jqXHR, textStatus, errorThrown) {
// Handle errors here
console.log('ERRORS: ' + textStatus + ' - ' + errorThrown );
}
});
你好,我正在调用控制器以在我的基于 codeigniter 的应用程序中使用 AJAX 获取部分,该应用程序启用了 CSRF
我的ajax代码
$('#classes').change(function(){
$classes=$(this).val();
$.ajax({
type:"POST",
data:{
'<?php echo $this->security->get_csrf_token_name(); ?>' : '<?php echo $this->security->get_csrf_hash(); ?>',
'class':$classes
},
url:"<?php echo base_url();?>index.php/admin/getsection/"+$classes,
success:function(return_data)
{
//alert(return_data);
$('#section').html('');
$('#section').html(return_data);
$('#section').val(section);
}
});
当我第一次调用ajax函数时,它会运行完美。但是当我再次运行相同的功能时,它会return 403 forbidden error.
请指教我的做法
来自the docs:
Tokens may be either regenerated on every submission (default) or kept the same throughout the life of the CSRF cookie. The default regeneration of tokens provides stricter security, but may result in usability concerns as other tokens become invalid (back/forward navigation, multiple tabs/windows, asynchronous actions, etc). You may alter this behavior by editing the following config parameter
$config['csrf_regenerate'] = TRUE;
将其设置为 FALSE。
ur controller should be like this
function reply(){
$insert = $this->Message_model->send_message2();
$csrf = $this->security->get_csrf_hash();
if($this->input->is_ajax_request())
{
header("Content-type: application/json; charset=utf-8");
echo json_encode(array("data" => $insert,'csrf'=> $csrf));
}
ur jquery should be this way
var token = data.csrf;
$.ajax({
url: '/next/ajax/request/url',
type: 'POST',
data: { new_data: 'new data to send via post', csrf_token:token },
cache: false,
success: function(data, textStatus, jqXHR) {
// Get new csrf token for next ajax post
var new_csrf_token = data.csrf
//Do something with data returned from post request
},
error: function(jqXHR, textStatus, errorThrown) {
// Handle errors here
console.log('ERRORS: ' + textStatus + ' - ' + errorThrown );
}
});