Topic: XAJAX + CODEIGNITER + CSRF PROTECCION

Good morning,

In Codeigniter I am using xajax.
Everything works fine until active protection against CSRF.

CodeIgniter config.php file

$ Config ['csrf_protection'] = TRUE;

When protection is TRUE, the output in xajax debug tells me:


xajax debug output

Sat Oct 27 08:40:31 UTC+0200 2012
DONE [50ms]

Sat Oct 27 08:40:31 UTC+0200 2012
ERROR: No response processor is available to process the response from the server.Content-Type: text/html.Check for error messages from the server.

Sat Oct 27 08:40:31 UTC+0200 2012
ERROR: The server returned the following HTTP status: 500 
RECEIVED:<!DOCTYPE html><html lang="en"><head><title>Error</title><style type="text/css">::selection{ background-color: #E13300; color: white; }::moz-selection{ background-color: #E13300; color: white; }::webkit-selection{ background-color: #E13300; color: white; }body {background-color: #fff;margin: 40px;font: 13px/20px normal Helvetica, Arial, sans-serif;color: #4F5155;}a {color: #003399;background-color: transparent;font-weight: normal;}h1 {color: #444;background-color: transparent;border-bottom: 1px solid #D0D0D0;font-size: 19px;font-weight: normal;margin: 0 0 14px 0;padding: 14px 15px 10px 15px;}code {font-family: Consolas, Monaco, Courier New, Courier, monospace;font-size: 12px;background-color: #f9f9f9;border: 1px solid #D0D0D0;color: #002166;display: block;margin: 14px 0 14px 0;padding: 12px 10px 12px 10px;}#container {margin: 10px;border: 1px solid #D0D0D0;-webkit-box-shadow: 0 0 8px #D0D0D0;}p {margin: 12px 15px 12px 15px;}</style></head><body><div id="container"><h1>An Error Was Encountered</h1><p>The action you have requested is not allowed.</p> </div></body></html>

Sat Oct 27 08:40:31 UTC+0200 2012
SENT [84 bytes]

Sat Oct 27 08:40:31 UTC+0200 2012
SENDING REQUEST

Sat Oct 27 08:40:31 UTC+0200 2012
CALLING: xjxfun: testXajaxURI: editor

Sat Oct 27 08:40:31 UTC+0200 2012
POST: xjxfun=testXajax&xjxr=1351320031365&csrf_token_name=5d5943d229a3939cb8c6557d131b7ded

/*------------- In the xajax request token is sent but not processed ----------------*/

Sat Oct 27 08:40:31 UTC+0200 2012
PREPARING REQUEST

Sat Oct 27 08:40:31 UTC+0200 2012
PROCESSING PARAMETERS [0]

Sat Oct 27 08:40:31 UTC+0200 2012
INITIALIZING REQUEST

Sat Oct 27 08:40:31 UTC+0200 2012
STARTING XAJAX REQUEST

I configured files in the library XAJAX:

  • XajaxDefaultIncludePlugin.inc.php [/ *]

  • xajax_core.js [/ *]


XajaxDefaultIncludePlugin.inc.php

/*Into printJavascriptConfig() method*/
// add the csrf token to the generated javascript file so we can use it with the client
$CI =& get_instance();
echo $sCrLf;
echo 'xajax.config.csrf_test_name = "';
echo $CI->security->get_csrf_hash();
echo '";';

xajax_core.js

// add csrf token to oRequest.requestURI (see line #3302)
var csrf = xx.config.csrf_test_name;
rd.push('&csrf_token_name=');
rd.push(csrf);
delete csrf;

With these changes continues to give the error mentioned.

Any idea to solve the compatibility XAJAX + Codeigniter CSRF?

Very thanks to all

Re: XAJAX + CODEIGNITER + CSRF PROTECCION

This link has what you are looking for:

http://www.gen.newrandom.com/2011/07/21 … -csrf-fix/

If you ever stop learning you may as well dig a hole, crawl in and pull the top over yourself.

Re: XAJAX + CODEIGNITER + CSRF PROTECCION

Goodnight Mr. edrobinson,

It is precisely at this link where I found the code in my post, but I can not make it work.

Re: XAJAX + CODEIGNITER + CSRF PROTECCION

Oops! Sorry, I didn't look at the code...

I'll have a closer look and get back to you.

If you ever stop learning you may as well dig a hole, crawl in and pull the top over yourself.