Codeigniter Ajax Forbidden
I'm confused by this forbidden issue. First, I checked the related stackoverflow posts and googled it, but I still have no idea.
Project details:
- Currently used libraries:
1. Carabiner (https://github.com/bcit-ci/CodeIgniter/wiki)
2. Template (https://github.com/jenssegers/codeigniter-template-library)
3. hmvc
4. instagram_api
- CSRF Protection turned on (I don't want to set the protection to false)
- Followed main posts
1. https://stackoverflow.com/questions/40225908/ajax-post-not-working-codeigniter
2. https://stackoverflow.com/questions/22527412/403-forbidden-access-to-codeigniter-controller-from-ajax-request
- ISSUE: 403 Forbidden ("The action you have requested is not allowed.")
HTML
instagram.php
The form_open() function generates a hidden field for the access token, and it is included in the ajax posting data.
<input type="hidden" name="csrf_token_localhost" value="3f5887fd41ac4eaa9b558afa7cb4a6de">
...
<?php echo form_open('admin/getInstagramAccessToken', array('id' => 'instagram_settings', 'class' => 'form-horizontal row-border')); ?>
...
<div class="col-sm-8 col-sm-offset-2">
<?php echo form_submit('submit', 'Get my access token', ['class' => 'btn-primary btn btn-get-token']); ?>
</div>
...
<?php echo form_close(); ?>
JavaScript
adminscript.js
$('#instagram_settings').submit(function( event ) {
    // serializeArray() includes the hidden CSRF field generated by form_open()
    var posting_data = $( this ).serializeArray();
    event.preventDefault();
    $.ajax({
        type: 'POST',
        dataType: 'json',
        async: true,
        cache: false,
        data: posting_data,
        url: 'admin/getInstagramAccessToken',
        success: function(json) {
            try {
                console.log(json);
            } catch(e) {
                console.log('Exception while request..');
            }
        },
        error: function(jqXHR, textStatus, errorThrown) {
            console.log(jqXHR, textStatus, errorThrown);
        },
        complete: function() {
            console.log('ajax complete');
        }
    });
});
Controller
Admin.php
public function getInstagramAccessToken()
{
    if ($this->input->is_ajax_request())
    {
        $response['status'] = 'success';
        echo json_encode($response);
    }
    else
    {
        // if the request is not ajax then show 404 error page
        show_404();
    }
}
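When I set the CSRF protection status to false, everything works fine. It also works when I change the request type from "post" to "get". But I want to keep the status true and use the "post" method.
Dropbox link to the two images:
Hidden CSRF token field after the form loads
Posting data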
https://www.dropbox.com/sh/e93ubgwzv9zir5j/AAA6vf5IWc1m7rtpGWGCpub4a?dl=0
Please add this snippet to every form you have with the POST type.
<?php $csrf = array(
    'name' => $this->security->get_csrf_token_name(),
    'hash' => $this->security->get_csrf_hash()
); ?>
<input type="hidden" name="<?php echo $csrf['name']; ?>"
       value="<?php echo $csrf['hash']; ?>" />
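Added example, not from the original post or from CodeIgniter's source: a simplified JavaScript model of the double-submit check behind the 403 (the posted token field is compared with the token cookie, on POST only), showing which requests pass and how refreshing the field from the cookie before each AJAX POST avoids sending a stale token. Assumptions: the cookie name `csrf_cookie_name`, a token that is regenerated after each accepted POST (CodeIgniter's `csrf_regenerate` setting), and the helper names, which are hypothetical.

```javascript
// Simplified model of a double-submit-cookie CSRF check (not CodeIgniter's code).
const TOKEN_FIELD = 'csrf_token_localhost'; // field name shown in the question
const COOKIE_NAME = 'csrf_cookie_name';     // assumed cookie name for this app
let issued = 0; // stand-in token source; a real server uses a CSPRNG
const newToken = () => 'constructed-token-' + String(++issued).padStart(4, '0');
// Length check plus XOR accumulation, so the compare does not stop at the first mismatch.
function sameToken(a, b) {
  if (a.length === 0 || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server side: returns { status, cookies } for one request.
function csrfVerify(req, regenerate) {
  const cookies = Object.assign({}, req.cookies);
  if (req.method !== 'POST') {              // non-POST requests are not checked
    if (!cookies[COOKIE_NAME]) cookies[COOKIE_NAME] = newToken();
    return { status: 200, cookies };
  }
  const sent = String((req.body || {})[TOKEN_FIELD] || '');
  const held = String(cookies[COOKIE_NAME] || '');
  if (!sameToken(sent, held)) return { status: 403, cookies };
  if (regenerate) cookies[COOKIE_NAME] = newToken(); // old token is now dead
  return { status: 200, cookies };
}

// Client side: swap in the cookie's current token; `fields` is shaped like serializeArray() output.
function withFreshToken(fields, cookieHeader) {
  const pair = cookieHeader.split('; ').find(c => c.startsWith(COOKIE_NAME + '='));
  const token = pair ? decodeURIComponent(pair.slice(COOKIE_NAME.length + 1)) : '';
  return fields.filter(f => f.name !== TOKEN_FIELD).concat([{ name: TOKEN_FIELD, value: token }]);
}

const toBody = fields => Object.fromEntries(fields.map(f => [f.name, f.value]));
const toHeader = cookies => Object.entries(cookies).map(([k, v]) => k + '=' + v).join('; ');
// Constructed walk-through: page load, then AJAX POSTs from the same rendered form.
function demo(regenerate) {
  const page = csrfVerify({ method: 'GET', cookies: {} }, regenerate);
  const form = [{ name: TOKEN_FIELD, value: page.cookies[COOKIE_NAME] },
                { name: 'submit', value: 'Get my access token' }];
  const post = (cookies, fields) => csrfVerify({ method: 'POST', cookies, body: toBody(fields) }, regenerate);
  const first = post(page.cookies, form);
  const repeat = post(first.cookies, form); // same hidden field, second submit
  const fresh = post(first.cookies, withFreshToken(form, toHeader(first.cookies)));
  const missing = post(page.cookies, form.filter(f => f.name !== TOKEN_FIELD));
  return [first.status, repeat.status, fresh.status, missing.status];
}
console.log(demo(true), demo(false));
```

In the browser, the same helper would take `$(this).serializeArray()` and `document.cookie` before the `$.ajax` call. That only works when the CSRF cookie is not flagged HttpOnly, since script cannot read an HttpOnly cookie.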