Codeigniter CSRF valid for only one time ajax request

鱼传尺愫 2020-12-03 11:46

I want to upload an image to the server on the jQuery change event, but using CodeIgniter CSRF I am able to upload an image only one time. How can I upload images using ajax for mul

9 answers
  • 2020-12-03 12:03

    Add this to a JS file which is loaded on every page (I put this at the end of jquery.js):

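        // Append the CSRF token (read from the CSRF cookie) to every jQuery AJAX request.
        $.ajaxSetup({
            beforeSend: function(jqXHR, Obj){
                // Prefix with "; " so the first cookie is matched the same way as the others.
                var value = "; " + document.cookie;
                var parts = value.split("; csrf_cookie_name=");
                if (parts.length == 2) {
                    // 'csrf_token' must match $config['csrf_token_name'] in config.php.
                    Obj.data += '&csrf_token=' + parts.pop().split(";").shift();
                }
            }
        });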
    

    (Note that in every ajax request you cannot have empty data to send.)

    "csrf_cookie_name" at the top is defined in config.php:

    $config['csrf_cookie_name'] = 'csrf_cookie_name';
    
  • 2020-12-03 12:11

    Edit the config:

    $config['csrf_exclude_uris'] = ['controller/method'];
    

    The array can include all whitelisted controllers/methods you want the CSRF protection to be disabled for.

    The array can also handle regular expressions such as:

    $config['csrf_exclude_uris'] = array(
                                            'api/record/[0-9]+',
                                            'api/title/[a-z]+'
                                    );
    

    For more information visit Codeigniter Documentation - Security Class

  • In my opinion you should try to recreate your csrf token each request

    Try this code example...

    For the JS function:

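    // Token name and hash rendered into the page by CodeIgniter.
    var csrfName = '<?php echo $this->security->get_csrf_token_name(); ?>',
        csrfHash = '<?php echo $this->security->get_csrf_hash(); ?>';
    $("#avatar").change(function(){
        var link = $("#avatar").val();

        // Send the current token with the request ([csrfName] is a computed key).
        var dataJson = { [csrfName]: csrfHash, id: "hello", link: link };

        $.ajax({
            url : "<?php echo base_url('main/test'); ?>",
            type: 'post',
            data: dataJson,
            dataType: 'json', // parse the response so data.csrfName / data.csrfHash exist
            success : function(data)
            {
                // Keep the token returned by the server for the next request.
                csrfName = data.csrfName;
                csrfHash = data.csrfHash;
                alert(data.message);
            }
        });
    });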
    

    and for the controller

    public function test() {
        $config['upload_path'] = './uploads/';
        $config['allowed_types'] = 'gif|jpg|png';
        $config['max_size'] = 500;
        $config['max_width'] = 260;
        $config['max_height'] = 260;

        // Return the current token name and hash so the client can use them on its next request.
        $response = array(
                    'csrfName' => $this->security->get_csrf_token_name(),
                    'csrfHash' => $this->security->get_csrf_hash()
                    );

        $this->load->library('upload', $config);
        if (!$this->upload->do_upload('link')) {
            $response['message'] = "error";
        }
        else {
            $data = array('upload_data' => $this->upload->data());
            $image_name = $data['upload_data']['file_name'];
            $response['message'] = $image_name;
        }

        // JSON body read by the success callback on the client.
        echo json_encode($response);
    }
    

    Let me know and good luck

    Note: When someone asks you to post more data for the question, don't post it as a comment or answer; it's better to edit the question itself and add the material there.

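Why only the first upload succeeds when the token is regenerated on each accepted POST (CodeIgniter's `csrf_regenerate` setting), and why feeding the returned token into the next request fixes it, shown as an added simulation that is not part of any answer above. `makeServer`, `staleClient` and `refreshingClient` are hypothetical names, and the server is an in-memory stand-in rather than CodeIgniter code.

```javascript
const crypto = require('crypto');

// Hypothetical stand-in for the server side: one token per session,
// replaced after every accepted POST (assumed per-request regeneration).
function makeServer() {
  let token = crypto.randomBytes(16).toString('hex');
  return {
    currentToken: () => token, // what the rendered page or cookie exposes
    post(sentToken) {
      const a = Buffer.from(String(sentToken));
      const b = Buffer.from(token);
      // Constant-time comparison; a length mismatch is rejected first.
      const ok = a.length === b.length && crypto.timingSafeEqual(a, b);
      if (!ok) return { status: 403 }; // token mismatch: request refused
      token = crypto.randomBytes(16).toString('hex'); // rotate on success
      return { status: 200, csrfHash: token }; // hand the new token back
    },
  };
}

// Token read once at page load and reused for every upload
// (the behaviour described in the question).
function staleClient(server, uploads) {
  const csrfHash = server.currentToken();
  return uploads.map(() => server.post(csrfHash).status);
}

// Token replaced with the one carried in each response
// (the approach of the third answer).
function refreshingClient(server, uploads) {
  let csrfHash = server.currentToken();
  return uploads.map(() => {
    const res = server.post(csrfHash);
    if (res.status === 200) csrfHash = res.csrfHash;
    return res.status;
  });
}

const uploads = ['a.png', 'b.png', 'c.png']; // constructed sample input
console.log('stale     :', staleClient(makeServer(), uploads));
console.log('refreshing:', refreshingClient(makeServer(), uploads));
```

Requests fired in parallel behave like the stale client, because each carries the token that was current when it was sent.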