[英]phalcon php csrf token validation fails when working via ajax
Im am working with the phalcon Framework and i decided to work with the csrf function available. 我正在使用phalcon框架,因此我决定使用可用的csrf函数。 I followed all the steps needed as shown in documentation.
我遵循了文档中所示的所有必要步骤。
I receive the data, the token and its value and i run 我收到数据,令牌及其值,然后运行
$data = $this->request->getJsonRawBody();
print_r($data); //// proper data
if ($this->request->isPost()) {
if ($this->security->checkToken()) {
die('proper token');
}
else{die('NOT A proper token');}
}
And my post request is like this : 我的发帖要求是这样的:
$scope.submit = function() {
$scope.formData.token = [$("#token").attr("name"), $("#token").val()];
$http.post(
'http://localhost/project/index/function',
JSON.stringify($scope.formData)
).success(function(data) { alert(data);
if (data.isValidToken) {
alert("Ok, you win!!!");
} else {
alert("Sorry, not valid CSRF !!!")
}
});
return false;
};
i check the session data, the tokens stored there while generating the form are different than the one's i print out when the ajax request is done . 我检查了会话数据,生成表单时存储在其中的令牌与完成ajax请求时打印出的令牌不同。 Could someone point me what im doing wrong ?
有人可以指出我做错了什么吗?
Phalcon\\Security::checkToken
is use $_POST
by default. Phalcon\\Security::checkToken
默认情况下使用$_POST
。 If you need use ajax, pass tokenKey
and tokenValue
to Phalcon\\Security::checkToken
. 如果需要使用ajax,
tokenKey
和tokenValue
传递给Phalcon\\Security::checkToken
。
$data = $this->request->getJsonRawBody();
if ($this->request->isPost()) {
$tokenKey = $this->session->get('$PHALCON/CSRF/KEY$');
$tokenValue = $data->{$tokenKey};
if ($this->security->checkToken($tokenKey, $tokenValue)) {
die('proper token');
}
else{die('NOT A proper token');}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.