Codeigniter ajax CSRF problem
As others say - you have to post the CSRF token name and its value with the AJAX request parameters. Here is a simple solution to append it automatically to every AJAX request.
Here is what I put on my main view, so this code is on every page before loading the other javascript files:
<script>
  var csfrData = {};
  csfrData['<?php echo $this->security->get_csrf_token_name(); ?>'] = '<?php echo $this->security->get_csrf_hash(); ?>';
</script>
<!-- ... include other javascript files -->
</body>
</html>
And here is a part of a javascript file that I include on every page:
$(function() {
  // Attach csfr data token
  $.ajaxSetup({
    data: csfrData
  });
});
You might like to try this code I've used. It works great:
<script type="text/javascript">
$(function(){
  $('.answerlist').each(function(e){
    $(this).click(function(){
      // [name=answer]: the older [@name=...] selector syntax was removed in jQuery 1.3
      var valrad = $("input[name=answer]:checked").val();
      var post_data = {
        'ansid': valrad,
        '<?php echo $this->security->get_csrf_token_name(); ?>' : '<?php echo $this->security->get_csrf_hash(); ?>'
      };
      $.ajax({
        type: "POST",
        url: "<?php echo base_url(); ?>online/checkanswer",
        data: post_data,
        success: function(msg){
          /// do something
        }
      });
    });
  });
});
</script>
If you want, you can echo both the token name and the hash somewhere appropriate. Something like this.
echo $this->security->get_csrf_token_name();
and
echo $this->security->get_csrf_hash();
Or, you could use form_open() as usual and use the hidden input that is generated for you from your javascript. Disabling the CSRF-functionality is the wrong way to go.
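An added example (not taken from any of the answers above): it reads the hash from CodeIgniter's CSRF cookie at send time instead of embedding it in the page, so the value stays current if the hash is regenerated (CodeIgniter 3's csrf_regenerate setting), and it also handles serialized string data. It assumes the default config names csrf_test_name and csrf_cookie_name and a CSRF cookie that is not HttpOnly; readCookie and withCsrf are names made up for this example.

```javascript
// Added example. CSRF_TOKEN_NAME and CSRF_COOKIE_NAME are assumed to be
// CodeIgniter's default csrf_token_name / csrf_cookie_name config values.
const CSRF_TOKEN_NAME = 'csrf_test_name';
const CSRF_COOKIE_NAME = 'csrf_cookie_name';

// Return one cookie's value from a document.cookie-style string, or null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Return a copy of the request data with the CSRF field set to the hash
// currently stored in the cookie. Accepts a plain object or a serialized
// string such as the output of jQuery's .serialize().
function withCsrf(data, cookieString) {
  const hash = readCookie(cookieString, CSRF_COOKIE_NAME);
  if (hash === null) throw new Error('CSRF cookie not found');
  if (typeof data === 'string') {
    const params = new URLSearchParams(data);
    params.set(CSRF_TOKEN_NAME, hash); // overwrites a stale value if present
    return params.toString();
  }
  return Object.assign({}, data, { [CSRF_TOKEN_NAME]: hash });
}

// Browser wiring: jQuery has already serialized object data to a string when
// prefilters run, so only string or empty data is handled here.
if (typeof window !== 'undefined' && window.jQuery) {
  window.jQuery.ajaxPrefilter(function (options) {
    const method = (options.type || 'GET').toUpperCase();
    if (method === 'GET' || method === 'HEAD') return;
    if (options.crossDomain) return; // never send the token to another origin
    if (options.data == null || typeof options.data === 'string') {
      options.data = withCsrf(options.data || '', document.cookie);
    }
  });
}
```

Requests that send FormData or other non-string bodies are left untouched by the prefilter and need the token appended explicitly.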