如何将CodeFill中的CSRF包含到ajax数据中 [英] How to include CSRF from Codeigniter into ajax data
问题描述
我试图传递一些数据到我的控制器,但我得到一个500错误。经过一些研究,我发现它是由CSRF令牌不发送引起的。
看起来我需要包括这个与数据:<?php echo $ this-> security-> get_csrf_token_name(); ?>:<?php echo $ this-> security-> get_csrf_hash();?>
JS是非常弱,所以我有点困惑,如何改变这包括上述。
<脚本类型=text / javascript>
$(document).ready(function(){
$(#order)。sortable({
update:function(event,ui){
order = $ ('#order')。sortable('serialize');
$ .ajax({
url:<?= base_url()。'admin / category / update_order'?&
type:POST,
data:order,
success:function(response){
console.log(response);
}
} );
}
});
}
);
< / script>
令牌需要在 data $。ajax 的参数。
order ['<??php echo $ this-> security-> get_csrf_token_name(); ?>'] ='<?php echo $ this-> security-> get_csrf_hash(); ?>';
但是,这里有一些不好的做法。主要是你不应该在你的javascript中使用PHP,因为这阻止你能够作为一个单独的文件访问javascript(这是好的,因为浏览器会缓存它,使你的页面加载更快,消耗更少的带宽)。
最好将令牌存储在您的订单< form> html。
< input type =hiddenname =<?php echo $ this-> security-> get_csrf_token_name();?" value =<?php echo $ this-> security-> get_csrf_hash();?> />
然后,它将与其余的表单数据序列化。
您还可以将网址存储在表单的action属性中。这将有助于您的脚本正常降级,并将网址保留在一个位置,而不是2。
< form id =order method =postaction =<?= base_url()?> admin / category / update_order>
在 $。ajax 调用中,类似这样 url:$('#order')。attr('action'),假设#order是实际的表单id。
I am trying to pass some data into my Controller, but I'm getting a 500 error. After some research, I discovered that it's caused by the CSRF token not being sent.
It seems like I need to include this along with the data: <?php echo $this->security->get_csrf_token_name(); ?>:"<?php echo $this->security->get_csrf_hash(); ?>"
My JS is pretty weak, so I'm a little confused on how to alter this to include the above.
<script type="text/javascript">
$(document).ready(function() {
$("#order").sortable({
update : function (event, ui) {
order = $('#order').sortable('serialize');
$.ajax({
url: "<?=base_url().'admin/category/update_order'?>",
type: "POST",
data: order,
success: function(response){
console.log(response);
}
});
}
});
}
);
</script>
The token needs to be passed in the data argument of $.ajax.
This should work but see my notes below.
order['<?php echo $this->security->get_csrf_token_name(); ?>'] = '<?php echo $this->security->get_csrf_hash(); ?>';
However, there are a few bad practices going on here. Mainly you should not use PHP in your javascript because this prevents you from being able to access the javascript as a separate file (this is good because browsers will cache it to make your page load faster and consume less bandwidth).
It's better to store the token in your order <form> html like this..
<input type="hidden" name="<?php echo $this->security->get_csrf_token_name(); ?>" value="<?php echo $this->security->get_csrf_hash(); ?>" />
Then it will get serialized with the rest of your form data.
You can also store the URL in the form's action attribute. This will help your script gracefully degrade and also keeps the URL in one place instead of 2.
<form id="order" method="post" action="<?=base_url()?>admin/category/update_order">
In the $.ajax call, use something like this url: $('#order').attr('action'), assuming #order is the actual form id.
这篇关于如何将CodeFill中的CSRF包含到ajax数据中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
