Harpreet Singh Sahota asked 9 years ago
Broken Delete functionality: I have included PHPGRID in Codeigniter where I'm using CSFR to secure forms so, when I try delete some record it failed because I'm not able to include CRSF code in delete form. Please let me know how do I include custom values in form like Delete. I have corrected all the remaining functionalities but Delete functionality isn't getting tweaked as per my requirement.
Abu Ghufran answered 9 years ago
You can set following for token:value for Cross-Site Request Forgery (CSRF) —e.g. 'X-CSRF-Token', 'abc'
$grid["loadBeforeSend"] = "function(jqXHR) { jqXHR.setRequestHeader('X-CSRF-Token', 'abc' );}";
$grid["edit_options"]["ajaxEditOptions"]["beforeSend"] = "function(jqXHR) { jqXHR.setRequestHeader('X-CSRF-Token', 'abc' );}";
$grid["edit_options"]["ajaxEditOptions"]["beforeSend"] = "function(jqXHR) { jqXHR.setRequestHeader('X-CSRF-Token', 'abc' );}";
$grid["delete_options"]["ajaxDelOptions"]["beforeSend"] = "function(jqXHR) { jqXHR.setRequestHeader('X-CSRF-Token', 'abc' );}";
$g->set_options($grid);
If you can manage COOKIE based csrf, it would make things more simpler.
Joao Patricio answered 9 years ago
another option would be adding to the header of the request directly via jquery
$.ajaxSetup({ headers: { 'X-CSRF-TOKEN': '<?= your_token_function() ?>' } });
and having your codeigniter method to also look for the X-CSRF-TOKEN value
