Codeigniter ajax CSRF problem


As others say - you have to post the CSRF token name and its value with the AJAX request parameters. Here is a simple solution to append it automatically to every AJAX request.

Here is what I put on my main view, so this code is on every page before loading the other javascript files:

    <script>
      var csfrData = {};
      csfrData['<?php echo $this->security->get_csrf_token_name(); ?>'] = '<?php echo $this->security->get_csrf_hash(); ?>';
    </script>
    <!-- ... include other javascript files -->
    </body>
    </html>

And here is a part of a javascript file that I include on every page:

    $(function() {
        // Attach csfr data token
        $.ajaxSetup({
            data: csfrData
        });
    });


You might like to try this code I've used. It works great:

    <script type="text/javascript">
    $(function(){
      $('.answerlist').each(function(e){
        $(this).click(function(){
          // The old "[@name=...]" selector syntax was removed in jQuery 1.3
          var valrad = $("input[name=answer]:checked").val();
          // Send the CSRF token name/value pair along with the form data
          var post_data = {
            'ansid': valrad,
            '<?php echo $this->security->get_csrf_token_name(); ?>' : '<?php echo $this->security->get_csrf_hash(); ?>'
          };
          $.ajax({
            type: "POST",
            url: "<?php echo base_url(); ?>online/checkanswer",
            data: post_data,
            success: function(msg){
              // do something
            }
          });
        });
      });
    });
    </script>


If you want, you can echo both the token name and the hash somewhere appropriate. Something like this.

    echo $this->security->get_csrf_token_name();

and

    echo $this->security->get_csrf_hash();

Or, you could use form_open() as usual and use the hidden input that is generated for you from your javascript. Disabling the CSRF-functionality is the wrong way to go.
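
An added example, not code from any of the answers above: `$.ajaxSetup({ data: csfrData })` attaches the token to every request, including GETs (where it ends up in the URL) and calls to other origins. This sketch attaches it only to state-changing, same-origin requests. The function names `needsCsrfToken` and `withCsrf` are hypothetical, and the browser wiring assumes jQuery plus the `csfrData` object defined by the inline script in the first answer.

```javascript
// Added example; not code from the answers above.
// HTTP methods that do not change state and so need no CSRF token.
const SAFE_METHODS = /^(GET|HEAD|OPTIONS|TRACE)$/i;

// True only for state-changing requests aimed at the page's own origin.
function needsCsrfToken(method, url, pageOrigin) {
  if (SAFE_METHODS.test(method || 'GET')) return false;
  try {
    // Relative URLs resolve against the page; '//host/x' and absolute
    // URLs to other hosts end up with a different origin.
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable URL: send no token
  }
}

// Return request data with the token pair(s) merged in when required.
// `data` may be a plain object or an already serialized query string.
function withCsrf(method, url, data, tokenData, pageOrigin) {
  if (!needsCsrfToken(method, url, pageOrigin)) return data;
  if (typeof data === 'string') {
    const pairs = Object.keys(tokenData).map(function (k) {
      return encodeURIComponent(k) + '=' + encodeURIComponent(tokenData[k]);
    });
    return (data ? data + '&' : '') + pairs.join('&');
  }
  return Object.assign({}, data, tokenData);
}

// Browser wiring (skipped outside a page). Assumes jQuery is loaded and the
// inline script from the first answer has defined `csfrData`.
if (typeof window !== 'undefined' && window.jQuery && typeof csfrData !== 'undefined') {
  window.jQuery.ajaxPrefilter(function (options) {
    // jQuery has serialized object data to a string by this point;
    // leave FormData and other unprocessed bodies to the caller.
    if (options.data !== undefined && typeof options.data !== 'string') return;
    options.data = withCsrf(options.type, options.url, options.data || '',
                            csfrData, window.location.origin);
  });
}
```

Use this prefilter in place of the `$.ajaxSetup` call rather than alongside it, otherwise the token is still added to every request.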