blog.biernacki.ca

Kuba's Online Workshop


Enabling CSRF Protection in CodeIgniter for AJAX calls

12/06/2011 | How To, PHP | 4 Comments

If you use CodeIgniter (CI) like me, you’ve probably read or heard about the CSRF protection that comes built into this great framework. I typically kept AJAX functionality (form submissions in this case) to a minimum, as I wanted to focus more on development and finishing a project than on prettying it up with ‘Web 2.0’ stuff.

Well, in a couple of my last projects I’ve run smack into CSRF protection and how it impacts AJAX (as well as many other things, like PayPal payment gateway responses, etc.).

If you found this page when searching for CodeIgniter CSRF AJAX, then you’re in luck, as here is the easiest way to add CSRF protection to your AJAX calls:

// This lives in a CI view, so PHP can echo the token name and hash into the
// page when it renders. `limit` and `offset` are defined earlier in the script.
$.ajax({
    type: 'POST',
    url: '/action/fetch_more_blog_posts',
    data: {
        type: 'news', limit: limit, offset: offset,
        // CSRF field: quoted key so it is a valid object key whatever the
        // configured token name is.
        '<?php echo $this->security->get_csrf_token_name(); ?>': '<?php echo $this->security->get_csrf_hash(); ?>'
    },
    success: function(data) {
        $(data).appendTo('#more-entries');
        $('#older-posts').slideDown();
        offset += limit;
    }
});

The real magic here is the following entry in the data I am sending back to my controller:

'<?php echo $this->security->get_csrf_token_name(); ?>': '<?php echo $this->security->get_csrf_hash(); ?>'

`get_csrf_token_name()` returns the name of the token field from the Security class (the `csrf_token_name` value set in your config), and `get_csrf_hash()` returns the current token hash that the Security class expects back with the POST. Simple enough.

If you have timeout issues (say your AJAX page sits open too long before posting), you may increase the token expiry a bit in your config (`csrf_expire`); test for the best fit.
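A variation on the same idea, added here as an example and not part of the original post or of CodeIgniter itself: instead of echoing the hash into the page with PHP, read it from the CSRF cookie that CodeIgniter sets, at the moment the request is made. That way the field always carries whatever token the server currently expects (useful in CI versions that rotate the token after each verified POST), and a single jQuery prefilter covers every POST on the page. The cookie and field names assumed below are CI 2.x defaults (`csrf_test_name`, `csrf_cookie_name`); pass your own names, including any `cookie_prefix`, if you changed them. `verifyCsrf` mirrors the server-side comparison so the client and server halves can be checked together offline.

```javascript
// Added example (not from the original post): source the CodeIgniter CSRF
// token from its cookie at request time instead of inlining it with PHP.
// Assumed CI 2.x defaults; override via `opts` if your config differs.
const CI_DEFAULTS = { tokenName: 'csrf_test_name', cookieName: 'csrf_cookie_name' };

// Parse a document.cookie style string ("a=1; b=2") into a plain object.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of String(cookieString || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (!name) continue;
    jar[name] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return jar;
}

// Look up the current CSRF hash; fail loudly if protection seems to be off.
function csrfTokenFromCookie(cookieString, opts = {}) {
  const { cookieName } = { ...CI_DEFAULTS, ...opts };
  const token = parseCookies(cookieString)[cookieName];
  if (!token) {
    throw new Error(`CSRF cookie "${cookieName}" not found; is csrf_protection enabled?`);
  }
  return token;
}

// Object form: same shape as the post's `data: { ... }` literal.
function withCsrfToken(data, cookieString, opts = {}) {
  const { tokenName } = { ...CI_DEFAULTS, ...opts };
  return { ...data, [tokenName]: csrfTokenFromCookie(cookieString, opts) };
}

// String form: jQuery has already serialised `data` by the time prefilters
// run, so the token is appended as one more urlencoded field.
function appendCsrfField(encodedData, cookieString, opts = {}) {
  const { tokenName } = { ...CI_DEFAULTS, ...opts };
  const field = encodeURIComponent(tokenName) + '=' +
                encodeURIComponent(csrfTokenFromCookie(cookieString, opts));
  return encodedData ? encodedData + '&' + field : field;
}

// Server-side view of the check CodeIgniter's Security class performs on
// POST: the submitted field must equal the cookie value. The comparison is
// constant-time so a mismatch does not reveal how many leading bytes matched.
function verifyCsrf(postFields, cookieString, opts = {}) {
  const { tokenName, cookieName } = { ...CI_DEFAULTS, ...opts };
  const submitted = postFields[tokenName];
  const expected = parseCookies(cookieString)[cookieName];
  if (typeof submitted !== 'string' || typeof expected !== 'string') return false;
  if (submitted.length !== expected.length) return false;
  let diff = 0;
  for (let i = 0; i < submitted.length; i++) {
    diff |= submitted.charCodeAt(i) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

// Browser glue: call once after jQuery loads and every same-origin POST made
// with $.ajax / $.post carries the token, with no CSRF code per call.
function installCsrfPrefilter($, opts = {}) {
  $.ajaxPrefilter(function (options) {
    if (!/^POST$/i.test(options.type || 'GET')) return;
    if (options.crossDomain) return;          // never hand the token to another origin
    options.data = appendCsrfField(options.data || '', document.cookie, opts);
  });
}
```

In the page this replaces the inline `<?php echo ... ?>` pair with `installCsrfPrefilter(jQuery);` once at load. The cross-domain guard matters: the token is only meant for your own controllers, so a request to any other host should go out without it.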
