CodeIgniter CSRF protection error with Ajax

Problem description

I have a small problem here which I cannot fix. This post goes through, but the response returns a "500 internal server error".

How to fix it?

After searching the CI forum I found this link, codeigniter-csrf-protection-with-ajax, but I can't solve it with that. Can anyone help me?

Solution

You should include the csrf key in your AJAX POST request to get the action to work.

However, you're only GETTING data, so using method:'get' instead of method:'post' should do the trick and make your request work.

See this question for a wonderful discussion on when to use POST and when to use GET

If you are, indeed, planning on POSTing data to the server, and it complains about the lack of the CSRF key, there are two ways to add it to the request:

  • use a plugin to allow prototype to extract the data from the csrf cookie that's being set by codeigniter; this might be more elegant, but would add a little more to your total scripts; here's a post with more detail on how to access cookies in prototype http://codeinthehole.com/writing/javascript-cookie-objects-using-prototype-and-json/

  • if you're sending this request from an existing form, it should have a hidden input field containing the key, which you would be able to simply access with something like var csrf = $("input[name=csrf_key]").val(); (This is jQuery syntax, but I'm sure the prototype version isn't too far away). If there isn't a form in that page, just write an echo form_open(); form_close(); somewhere to make sure the hidden field gets printed out by CI.

Finally, make sure you send that value alongside the POST request, to make sure you're a cool guy who doesn't want to hackz0r the server. You should add this parameter to the ajax request in JS:

parameters: {'csrf_key' : csrf}

Where csrf is the variable in which you fetched the key (from the cookie or from the hidden input). Make sure the names are alright! If you're fetching the cookie, make sure the cookie name coincides with the one set in config/config.php. Same goes for the input token!

Hope this helps!
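
An added example, not part of the original answer or of CodeIgniter itself: reading the CSRF token from the cookie at send time and attaching it to a urlencoded POST body, as the answer describes. The field name 'csrf_key' is the one used in the answer; the cookie name 'csrf_cookie' and the sample cookie string are constructed, and both names have to match the CSRF settings in config/config.php.

```javascript
// Assumed names: TOKEN_FIELD is the field name from the answer above,
// COOKIE_NAME is a constructed placeholder. Both must match config/config.php.
const TOKEN_FIELD = 'csrf_key';
const COOKIE_NAME = 'csrf_cookie';

// Return the value of one cookie from a document.cookie-style string, or null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;              // skip malformed fragments
    const key = part.slice(0, eq).trim();
    if (key !== name) continue;           // exact match: 'xcsrf_cookie' is not ours
    try {
      return decodeURIComponent(part.slice(eq + 1).trim());
    } catch (e) {
      return null;                        // badly encoded value: treat as missing
    }
  }
  return null;
}

// Build the urlencoded POST body with the CSRF token added.
// Throws instead of producing a request the server would reject.
function buildPostBody(fields, cookieString) {
  const token = readCookie(cookieString, COOKIE_NAME);
  if (!token) {
    throw new Error('CSRF cookie "' + COOKIE_NAME + '" not found');
  }
  const params = new URLSearchParams(fields);
  params.set(TOKEN_FIELD, token);         // overrides any caller-supplied value
  return params.toString();
}

// Constructed sample cookie string, standing in for document.cookie.
const sampleCookies = 'ci_session=abc123; csrf_cookie=9f2c4e7a1b; theme=dark';
const body = buildPostBody({ comment: 'hello world' }, sampleCookies);
console.log(body);
```

In the browser, pass document.cookie as the second argument on every request, so a token the server has refreshed is picked up, and send the result with Content-Type application/x-www-form-urlencoded.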
