csrf codeigniter 4/3 ajax 比較佳的解決方案
views/header.php
<!-- CSRF Hash -->
<script>var dw_csrf_hash = '<?= $this->security->get_csrf_hash() ?>';</script>
Controller ajax/csrf
class Ajax extends CI_Controller
{
public function csrf()
{
$this->output
->set_content_type('application/json')
->set_output(json_encode(array(
'csrf_hash' => $this->security->get_csrf_hash(),
)));
}
function __construct()
{
parent::__construct();
// We want to make sure we're making the JSON call every time
$this->output->set_header("X-Robots-Tag: noindex");
$this->output->set_header('Cache-Control: no-store, no-cache');
}
}
html
function get_csrf()
{
// Retrieve the latest value of the CSRF hash and update the global JS variable
$.get('/ajax/csrf', function(data) {
dw_csrf_hash = data.csrf_hash;
});
}
// Every time an AJAX call is made, call the get_csrf() function
$(document).ajaxComplete(function(event, data, settings) {
get_csrf();
});
Hii are someone know the best ways to regenerate csrf token on ajax form submit