Codeigniter with jqGrid: use csrf_token
If I set csrf_token to false in the config file, everything works. However, when csrf_token is true, my grid can only get data from the database but cannot update or do anything else.
I'm looking through the posts on this site about Codeigniter+jqGrid but still haven't understood what I should do.
I can get the value of csrf_token, but where should it be included?
var lastsel;
// Token value read from the CSRF cookie; it is never passed to the grid below.
var addl_params = {
    ci_csrf: $.cookie('ci_csrf_token')
};
$("#grid").jqGrid({
    url: 'url to script',
    datatype: "json",
    mtype: 'GET', // data loading uses GET
    colNames: ['id', 'Nickname', 'Breed'],
    colModel: [
        {name: 'id', index: 'id', width: 55, sortable: false, editable: false,
            editoptions: {readonly: true, size: 10}},
        {name: 'nickname', index: 'nickname', width: 100, editable: true,
            edittype: "text"},
        {name: 'breed', index: 'breed', width: 100, editable: true, edittype: "text"}
    ],
    jsonReader: {
        root: "rows",
        page: "page",
        total: "totalpages",
        records: "records"
    },
    rowNum: 10,
    rowList: [10, 20, 30],
    pager: jQuery('#gridpager'),
    sortname: 'nickname',
    viewrecords: true,
    sortorder: "asc",
    caption: "Cats",
    // Inline editing: restore the previously edited row, then edit the selected one.
    onSelectRow: function (id) {
        if (id && id !== lastsel) {
            jQuery('#grid').jqGrid('restoreRow', lastsel);
            jQuery('#grid').jqGrid('editRow', id, true, null, null);
            lastsel = id;
        }
    },
    editurl: "edit-url"
}).navGrid('#gridpager');
First it's necessary to understand CSRF:
http://www.beheist.com/index.php/en/blog/csrf-protection-in-codeigniter-2-0-a-closer-look
From that post:
"The Security class generates a unique value for the CSRF token with each HTTP request. When the object is created, the name and value of the token are set."
What is possibly happening (I'm not familiar with jqGrid) is each form is possibly getting its own CSRF token. Or, it's possible that there is only one token for all the forms. Either way, CodeIgniter expects one token per HTTP request and response. Basically, you need to close the loop on the first request to create the page, and the POST of the data.
Therefore, you may need to dig into the jqGrid code and the CI view to make sure that your output generates the CSRF token as desired.
Update: One of the comments on the blog above had a link to Ajax CSRF problems: http://aymsystems.com/ajax-csrf-protection-codeigniter-20
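The symptom in the question (GET loads succeed, edits are rejected) and one way to send the token with each edit, as an added example that is not part of the original question or answer. It assumes the POST field and the cookie are both named ci_csrf_token (the cookie name is taken from the question's code; the field name must match csrf_token_name in the CodeIgniter config), and serverAccepts is a simplified model of the cookie-versus-POST comparison CodeIgniter 2.x performs, not its actual code.

```javascript
// Assumption: token field and cookie share this name (cookie name from the question).
const CSRF_NAME = 'ci_csrf_token';

// Extract one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of String(cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Return a copy of the row data with the CSRF token added.
// Fails loudly instead of posting an edit the server would reject.
function withCsrf(postData, cookieString) {
  const token = readCookie(cookieString, CSRF_NAME);
  if (!token) throw new Error('CSRF cookie ' + CSRF_NAME + ' not found');
  return Object.assign({}, postData, { [CSRF_NAME]: token });
}

// Simplified model of the server check: only POST is verified,
// and the posted field must equal the cookie value.
function serverAccepts(method, postData, cookieString) {
  if (method.toUpperCase() !== 'POST') return true;
  const cookie = readCookie(cookieString, CSRF_NAME);
  const posted = postData ? postData[CSRF_NAME] : undefined;
  return Boolean(cookie) && posted === cookie;
}

// Browser wiring for jqGrid inline editing (needs a page, so shown as a comment):
//   serializeRowData: function (postdata) {
//     return withCsrf(postdata, document.cookie);
//   }

// Constructed sample data, not taken from the page.
const sampleCookies = 'ci_session=abc123; ci_csrf_token=3f9a0c57e1';
const rowEdit = { id: '7', nickname: 'Tom', breed: 'Siamese', oper: 'edit' };
```

Reading the cookie at submit time rather than once at page load keeps the posted value in step with the cookie if the server reissues the token.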