在单元格上通过jqgrid传递csrf令牌 [英] passing csrf token through jqgrid on cell edit

问题描述

我正在使用Codeigniter和jqgrid来构建应用程序.出于安全原因，我最近启用了Codeigniter的内置CSRF保护，并且它用jqgrid破坏了某些功能.实例化jqgrid时，我已经能够传递csrf令牌，这样我的所有数据都会加载(通过将csrf令牌添加到postData中)，但是现在我每次编辑单元格都会收到500错误，因为csrf令牌没有被使用通过了.我可以在每次编辑单元格时通过查看发布数据来验证这一点.我在几个地方读到了editData是我想要的，但是在其中添加令牌似乎并没有在edit ajax请求中传递它.有什么想法吗?

I'm using Codeigniter and jqgrid to build an application. I've recently enabled Codeigniter's builtin CSRF protection for security reasons, and it broke some stuff with jqgrid. I've been able to pass the csrf token when jqgrid is instantiated so all my data loads (by adding the csrf token to the postData), but now anytime I edit a cell I get a 500 error because the csrf token isn't being passed. I can verify this by looking at the post data each time I edit a cell. I read several places that editData is what I want, but adding the token in there doesn't seem to pass it in the edit ajax request. Any ideas?

$("#cust_grid").jqGrid({
    url:'/ajax/grid',
    datatype: 'xml',
    mtype: 'POST',              
    postData: {<?php echo $this->security->get_csrf_token_name().":'".$this->security->get_csrf_hash()."'"; ?>},
    editData: {<?php echo $this->security->get_csrf_token_name().":'".$this->security->get_csrf_hash()."'"; ?>},
    colNames:['Name1', 'Name2'],
    colModel :[ 
        {name:'name1', index:'name1', width:55, search: true},
        {name:'name2', index:'name2', width:110, search: true},
                        ],
    pager: '#pager',
    rowNum:25,
    rowList:[10,25,50,100],
    sortname: 'name1',
    sortorder: 'asc',
    viewrecords: true,
    gridview: true,
    caption: 'Customers',
    height: 600,
    width: 1200,
    shrinkToFit: false,
    altRows: true,
    cellEdit: true,     
    cellsubmit: "remote",
    cellurl: "/ajax/editCell",
},
{}
);

推荐答案

我最终找到了解决该问题的另一种方法.我正在研究另一个答案中发布的单元格编辑链接，并且看到了beforeSubmitCell选项.事实证明，如果您从该函数返回json数据，则每当单元格被编辑时，它将被附加到发布数据中.因此，我需要做的就是添加一个选项:

I ended up finding another solution to the problem. I was investigating the cell editing link posted in the another answer and I saw the beforeSubmitCell option. Turns out if you return json data from that function it will be appended to the post data each time a cell is edited. So all I needed to do was add as an option:

beforeSubmitCell: function (rowid,celname,value,iRow,iCol) {
  return {<?php echo $this->security->get_csrf_token_name().":'".$this->security->get_csrf_hash()."'";?>} 
},

这篇关于在单元格上通过jqgrid传递csrf令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！