Posted

For some reason I am not submitting a form but individual input fields via AJAX. I would like to use SessionCSRF to protect against cross-domain requests.

Is it possible to make SessionCSRF work in this case? And how? Thanks.

Posted

Hej,

it is more or less the same as with forms. Add the hidden token input field to the page, then add the CSRF token to every AJAX field submit, and then check it on the backend side.
I assume if you send the submit via POST, form-URL-encoded with the correct key-value pairs, it should just work.

 

Posted

Thanks. I put <?=$session->CSRF->renderInput();?> somewhere inside the template, and then do something like the following inside the JS.

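// Values of the individual fields being submitted
var data = {
  'firstname': $("#firstname").val(),
  'lastname': $("#lastname").val(),
};
// Hidden input rendered by $session->CSRF->renderInput()
var CSRF_name = $("._post_token").attr("name");
var CSRF_token = $("._post_token").val();
// Send the token as an ordinary POST field alongside the data
data[CSRF_name] = CSRF_token;
$.ajax({
  url: "/ajax/",
  data: data,
  method: 'post',
});

Then inside ajax.php: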

if($session->CSRF->hasValidToken()) {
  //do something
}

This works.
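
The approach from this thread as a reusable helper, added here as an example and not code from any of the posters or from ProcessWire itself. It goes slightly beyond the posts: it fails closed when the hidden token input is missing and refuses to attach the token to a URL on another origin. The function name `buildFieldRequest`, its parameters and the sample values are assumptions made for illustration.

```javascript
// Added example: build the POST for one field, always carrying the CSRF token.
// `tokenInput` mirrors the hidden input written by renderInput(): {name, value}.
// In the browser: const el = document.querySelector("._post_token");
//                 const tokenInput = { name: el.name, value: el.value };
function buildFieldRequest(tokenInput, field, value, url, pageOrigin) {
  // Fail closed: never send a state-changing request without a token.
  if (!tokenInput || !tokenInput.name || !tokenInput.value) {
    throw new Error("CSRF token input not found on page");
  }
  // Resolve relative URLs against the page and refuse other origins,
  // so the token is never disclosed to a third-party host.
  const target = new URL(url, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) {
    throw new Error("refusing to send CSRF token cross-origin: " + target.origin);
  }
  // A submitted field must not overwrite the token's key-value pair.
  if (field === tokenInput.name) {
    throw new Error("field name collides with CSRF token name");
  }
  // Form-URL-encoded body: the field plus the token under its own name.
  const body = new URLSearchParams();
  body.set(field, value);
  body.set(tokenInput.name, tokenInput.value);
  return {
    url: target.href,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Browser usage (fetch is one option; $.ajax as in the post works the same way):
//   const r = buildFieldRequest(tokenInput, "firstname", input.value,
//                               "/ajax/", location.origin);
//   fetch(r.url, { method: r.method, headers: r.headers, body: r.body,
//                  credentials: "same-origin" });

// Constructed sample values, not a real token.
const sampleToken = { name: "TOKEN_example", value: "constructed-token-value" };
```

On the server, ajax.php still has to call `$session->CSRF->hasValidToken()` as in the post above and reject the request when it returns false.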
