如何避免“您请求的操作不被允许”错误与Knockout postJson函数调用 [英] How to avoid "The action you have requested is not allowed" error with Knockout postJson function call

问题描述

CodeIgniter给出错误您请求的操作不被允许。当它检查CSRF失败。根据我的理解，这意味着POST从表单中缺少隐藏的令牌，证明没有进行攻击。

CodeIgniter gives an error "The action you have requested is not allowed." when it fails the check for CSRF. As I understand it, this means the POST is missing the hidden token from the form that proves that an attack is not being done.

令牌是通过呼叫自动生成的到CI form_open函数。

The token is generated automatically with a call to the CI form_open function.

在我的例子中，我使用Knockout发布ViewModel的内容进行保存，如下：

In my case, I'm using Knockout to post the contents of a ViewModel for saving, like this:

ko.utils.postJson($("form")[0], self.pages);

我在其他地方找到解决方案，只是关闭特定页面的CSRF设置，但是似乎是一个很好的解决方案。

I've found solutions elsewhere that simply turn off the CSRF setting for the specific page, but that doesn't seem like a good solution.

大概是因为没有收到令牌，postJson调用不提交现有的表单。有没有办法提交所需的令牌与JSON数据或提交JSON数据与现有的表单？

Presumably because the token is not being received, the postJson call is not submitting the existing form. Is there a way to either submit the required token along with the JSON data or submit the JSON data with the existing form?

推荐答案

尝试使用 form_open（）和 form_close

all形成帮助函数。

all form helper functions that will help.

或者：我认为这是从时区差异，因为 Security 散列时间。

or: I think it's from time zone difference as the Security class depends on time for hashing.

这篇关于如何避免“您请求的操作不被允许”错误与Knockout postJson函数调用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！