Sherin Green

Reputation: 358

Codeigniter 3.0 CSRF security on angular js 1.x is getting 500 error on $http.post() method

CodeIgniter CSRF security on AngularJS 1.x is getting a 500 error on the $http.post() method. It worked for me on form submission (ordinary form action submit), but when I use Angular AJAX for the same form submission I am getting 500. Please help me.

var angCntrl =  angular.module('stepsReg',['ngMaterial', 'ngMessages', 'material.svgAssetsCache','mdPickers','naif.base64','ngFileUpload','uiCropper','ngCookies'])
   angCntrl.controller('DemoCtrl', function($scope,$window, $cookies,$http,$mdpDatePicker,$mdpTimePicker,$timeout,$q,$mdDialog,$filter,Upload) {

        var cct = $cookies.get('csrf_cookie_name');

        $scope.insertid  = '';
        $scope.outletid  = '';
        $scope.currentid = currentid;

        $scope.stepOneNext = function() { 
            var insertid  = $('#insertid').val();
            var profileId = $('.current_id').val();
            var pCategory = $('#parentCat').val();
            var name      = $('#name').val();
            var email     = $('#email').val();

            $http({
                method: 'post',
                url: base_url+'customer/steponeRegistion',
                data:{'csrf_crypt':cct,"insertid":insertid,"profileId":profileId,"pCategory":pCategory,"name":name,"email":email},
                config: 'Content-Type: application/json;',
            }).then(function (response) {
                alert(response.data);
                $scope.insertid = response.data;   
            });
        };
   });

Upvotes: 0

Views: 243

Answers (2)

Karlo Kokkak

Reputation: 3714

You need a fresh CSRF token if you've already used it once.

You can create a page where you can fetch a new token from.

Use the below functions to get the token name and get a value for it.

$this->security->get_csrf_token_name();
$this->security->get_csrf_hash();

Alternatively, to keep the token the same without regeneration, and to avoid usability concerns, you can turn off CSRF regeneration by changing the below config to FALSE. CSRF security is still there, just that you're not required to regenerate its token in each request.

$config['csrf_regenerate'] = FALSE; // in application/config/config.php

https://www.codeigniter.com/user_guide/libraries/security.html#cross-site-request-forgery-csrf

Upvotes: 0
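The behaviour this answer describes, as an added example that is not part of the original answer and not CodeIgniter's code: a simplified model in which the posted token must match the CSRF cookie and is rotated after each accepted POST when regeneration is on. `makeServer` and `runClient` are hypothetical names, the cookie and field names are the ones used in the question, and the 403 rejection status is the model's own choice.

```javascript
const crypto = require('crypto');

const COOKIE = 'csrf_cookie_name'; // cookie name from the question
const FIELD = 'csrf_crypt';        // POST field name from the question

// Model server (assumption): accept a POST only if the posted field equals
// the cookie; with regenerate = true, rotate the token after each accepted POST.
function makeServer(regenerate) {
  const newToken = () => crypto.randomBytes(16).toString('hex');
  return {
    // First page load: issue a token cookie if the browser has none.
    get(jar) { if (!jar[COOKIE]) jar[COOKIE] = newToken(); },
    post(jar, body) {
      const sent = Buffer.from(String(body[FIELD] || ''));
      const cookie = Buffer.from(String(jar[COOKIE] || ''));
      const ok = sent.length > 0 && sent.length === cookie.length &&
                 crypto.timingSafeEqual(sent, cookie); // constant-time compare
      if (!ok) return 403;                             // model's rejection status
      if (regenerate) jar[COOKIE] = newToken();        // Set-Cookie on the response
      return 200;
    },
  };
}

// Model client: either caches the token once at start-up (as the controller in
// the question does) or re-reads the cookie immediately before every request.
function runClient(server, requests, rereadCookie) {
  const jar = {};                 // constructed stand-in for the browser cookie jar
  server.get(jar);
  const cached = jar[COOKIE];
  const statuses = [];
  for (let i = 0; i < requests; i++) {
    const token = rereadCookie ? jar[COOKIE] : cached;
    statuses.push(server.post(jar, { [FIELD]: token }));
  }
  return statuses;
}

console.log('regenerate on,  cached token :', runClient(makeServer(true), 3, false));
console.log('regenerate on,  fresh token  :', runClient(makeServer(true), 3, true));
console.log('regenerate off, cached token :', runClient(makeServer(false), 3, false));
```

In the model, a token cached at start-up survives only the first POST when regeneration is on, while re-reading the cookie before each request, or turning regeneration off, lets every request through.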

Pawan Singh

Reputation: 71

A CSRF token can be used only once on a page. In CodeIgniter 3.0 you can exclude that URL in the config file.

$config['csrf_exclude_uris'] = array(); //pass your url in array.

CodeIgniter will not check any CSRF token.

Upvotes: 1
