Codeigniter ajax CSRF problem
Problem description
I've made a simple autoload function that loads content when you scroll down on a website. However, there seem to be a few problems when I enable CSRF protection in Codeigniter.
I'm not using a form, so I don't know how I can send the token from A to B when I'm doing my post request as you scroll.
My JavaScript
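    // Only run the infinite-scroll loader on the front page.
    if (location.href == baseurl) {
        $(window).scroll(function () {
            // Load the next batch once the user has scrolled past half the page.
            if ($(window).scrollTop() > $('body').height() / 2) {
                if (doScroll == 1) {
                    // POST without a CSRF token: this is the request that fails.
                    $.post(baseurl + 'ajax/images', {'id': ID}, function (data) {
                        $("#wrapper_content").append(data);
                        // The server sends this message when there are no more images.
                        if (data == 'Det finnes ikke flere bilder i databasen, WTF!? Send inn forslag ASAP!') {
                            doScroll = 0;
                        }
                        ID++;
                    });
                }
            }
        });
    }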
Since Codeigniter expects a TOKEN on all POST requests, I can't get this to work when CSRF is enabled. Any suggestions?
Error when CSRF is enabled
Failed to load resource: the server responded with a status of 500 (Internal Server Error)
If I turn CSRF off, everything works great...
Recommended answer
If you want, you can echo both the token name and the hash somewhere appropriate. Something like this.
    echo $this->security->get_csrf_token_name();
and
    echo $this->security->get_csrf_hash();
Or, you could use form_open() as usual and use the hidden input that is generated for you from your javascript. Disabling the CSRF-functionality is the wrong way to go.
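
The first option from the answer, wired into the scroll request, as an added example that is not part of the original post. It assumes the view echoes the two values into `data-csrf-name` and `data-csrf-hash` attributes on `<body>`; those attribute names and the function names are hypothetical, and the token values in the test are constructed.

```javascript
// Assumed markup in the CodeIgniter view (attribute names are hypothetical):
//   <body data-csrf-name="<?php echo $this->security->get_csrf_token_name(); ?>"
//         data-csrf-hash="<?php echo $this->security->get_csrf_hash(); ?>">

// Read the token pair from a dataset-like object; fail loudly if it is missing.
function readCsrf(dataset) {
  const name = dataset.csrfName;
  const hash = dataset.csrfHash;
  if (!name || !hash) {
    throw new Error('CSRF token name/hash not found in page');
  }
  return { name, hash };
}

// Return a copy of the POST payload with the token field added.
function withCsrf(payload, csrf) {
  if (Object.prototype.hasOwnProperty.call(payload, csrf.name)) {
    throw new Error('payload already contains field ' + csrf.name);
  }
  return Object.assign({}, payload, { [csrf.name]: csrf.hash });
}

// Attach the token only to same-origin URLs so it is never sent to another site.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === pageOrigin;
}

function postData(url, payload, csrf, pageOrigin) {
  return isSameOrigin(url, pageOrigin)
    ? withCsrf(payload, csrf)
    : Object.assign({}, payload);
}

// Browser wiring (skipped when no browser/jQuery is present).
if (typeof window !== 'undefined' && typeof $ !== 'undefined') {
  const csrf = readCsrf(document.body.dataset);
  const url = baseurl + 'ajax/images'; // baseurl and ID come from the question's script
  $.post(url, postData(url, { id: ID }, csrf, location.origin), function (data) {
    $('#wrapper_content').append(data);
  });
}
```

If the application is configured to regenerate the token after each POST, the hash embedded in the page must be refreshed before the next scroll request.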