php Question posted in
Official manual can be found here.

Php – CSRF token for AJAX call in attached javascript file

I’m working in Codeigniter 4 with CSRF protection enabled. I have an AJAX call in an attached js file, and I can’t figure out how to generate the CSRF token. Previously, I have done it in php files with embedded js, but in the attached js file I can’t run php.

In the attached js file I have:

//makes a tooltip with description of analysis (header)
    $('.tbl-header').each(function () {
        makeHeaderInfo($(this))
    })

function makeHeaderInfo(header) {
        var analysis = header.hasClass('seed') ? 'Seedling ' + header.text().toLowerCase() : 'Sapling ' + header.text().toLowerCase();
        var posturl = baseURL + "forest_regen/getAnalysisDetails";
        var data = {};
        data['analysis'] = analysis;
//This is what I would do in a php file...
//       var csrfName = '<?= csrf_token() ?>'; 
//       var csrfHash = '<?= csrf_hash() ?>';   
//       data[csrfName]=csrfHash;
        $.when($.ajax({type: "POST", url: posturl, data: data, dataType: 'json'})).done(function (result) {
            var description = (result.fldDescription == null) ? 'No description for this analysis yet' : result.fldDescription
            header.children('.header-info').attr('title', description)
                    .tooltip({
                        trigger: 'click hover',
                        placement: 'top',
                        container: 'body'
                    })
        })
    }
    ;

I tried defining the variables in the php file which has this js file attached, but I get "csrfName is not defined." I’m not sure how to pass the variables to the js file?

Is there a way to generate the csrfName and csrfHash in javascript or jquery? Or another way to accomplish this?

Thank you!

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I ended up using a hidden input field.

    VIEW:

    <input type="hidden" class="txt_csrfname" name="<?=csrf_token() ?>" value="<?=csrf_hash() ?>" />

    JAVASCRIPT:

    $('#functionInJSfile').DataTable({
'processing': true,
'serverSide': true,
'serverMethod': 'post',
'ajax': {
'url':"",
'data': function(data){
// CSRF Hash
var csrfName = $('.txt_csrfname').attr('name'); // CSRF Token name
var csrfHash = $('.txt_csrfname').val(); // CSRF hash

return {
data: data,
[csrfName]: csrfHash // CSRF Token
};
},
dataSrc: function(data){

// Update token hash
$('.txt_csrfname').val(data.token);

// Datatable data
return data.aaData;
}
},

  2. 0

    Maybe making a route to return the created crsf_token would work, or saving to the browser cache or server session would work too

    like:

    returnCSRF = async () => {
//function to make a POST call from ajax to a route in the server what return the csrf
}
const csrf = await returnCSRF()
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search