skip to Main Content

I’m working in Codeigniter 4 with CSRF protection enabled. I have an AJAX call in an attached js file, and I can’t figure out how to generate the CSRF token. Previously, I have done it in php files with embedded js, but in the attached js file I can’t run php.

In the attached js file I have:

//makes a tooltip with description of analysis (header)
    $('.tbl-header').each(function () {
        makeHeaderInfo($(this))
    })

function makeHeaderInfo(header) {
        var analysis = header.hasClass('seed') ? 'Seedling ' + header.text().toLowerCase() : 'Sapling ' + header.text().toLowerCase();
        var posturl = baseURL + "forest_regen/getAnalysisDetails";
        var data = {};
        data['analysis'] = analysis;
//This is what I would do in a php file...
//       var csrfName = '<?= csrf_token() ?>'; 
//       var csrfHash = '<?= csrf_hash() ?>';   
//       data[csrfName]=csrfHash;
        $.when($.ajax({type: "POST", url: posturl, data: data, dataType: 'json'})).done(function (result) {
            var description = (result.fldDescription == null) ? 'No description for this analysis yet' : result.fldDescription
            header.children('.header-info').attr('title', description)
                    .tooltip({
                        trigger: 'click hover',
                        placement: 'top',
                        container: 'body'
                    })
        })
    }
    ;

I tried defining the variables in the php file which has this js file attached, but I get "csrfName is not defined." I’m not sure how to pass the variables to the js file?

Is there a way to generate the csrfName and csrfHash in javascript or jquery? Or another way to accomplish this?

Thank you!

2

Answers


  1. Chosen as BEST ANSWER

    I ended up using a hidden input field.

    VIEW:

    <input type="hidden" class="txt_csrfname" name="<?=csrf_token() ?>" value="<?=csrf_hash() ?>" />
    

    JAVASCRIPT:

    $('#functionInJSfile').DataTable({
    'processing': true,
    'serverSide': true,
    'serverMethod': 'post',
    'ajax': {
    'url':"",
    'data': function(data){
    // CSRF Hash
    var csrfName = $('.txt_csrfname').attr('name'); // CSRF Token name
    var csrfHash = $('.txt_csrfname').val(); // CSRF hash
    
    return {
    data: data,
    [csrfName]: csrfHash // CSRF Token
    };
    },
    dataSrc: function(data){
    
    // Update token hash
    $('.txt_csrfname').val(data.token);
    
    // Datatable data
    return data.aaData;
    }
    },
    

  2. Maybe making a route to return the created crsf_token would work, or saving to the browser cache or server session would work too

    like:

    returnCSRF = async () => {
    //function to make a POST call from ajax to a route in the server what return the csrf
    }
    const csrf = await returnCSRF()
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search