GroceryCRUD add, edit buttons not working when enabling CodeIgniter CSRF protection
I finally managed to solve my problem. Two options are available:
The easy way:
Set:
$config['grocery_crud_dialog_forms'] = false;
in application/config/grocery_crud.php
.
This option works well without CSRF protection enabled (that is, it can be set to true
to produce more elegant forms), but fails when set if no code modifications are done in the javascript.
The elegant way:
If we want to use:
$config['grocery_crud_dialog_forms'] = true;
in application/config/grocery_crud.php
to have the cute forms, then:
include the jquery.cookie plugin in pages with forms
add this code to your JS files to auto-magically insert the CSRF token in all ajax POST calls:
$(document).ready(function() { var csrf_token= $.cookie('csrf_cookie_name'); $.ajaxSetup({ data: { 'csrf_test_name' : csrf_token } }); });
I hope this will help someone else.
Just in case someone has the same error: For CI 3.0.1 and GroceryCRUD 1.5.1, Cookies are properly sent with AJAX requests, however because the token changes, only the first request will work.
To always use the same token, set (in application/config/config.php
):
$config['csrf_regenerate'] = FALSE;
Edit: Manual for reference: http://www.codeigniter.com/user_guide/libraries/security.html#cross-site-request-forgery-csrf