1

Using PyroCMS, I send a POST request that returns a HTTP 505. If I send GET request on same url is is working.

This is my route file code.

$route['admin/pms(/:any)?'] = 'admin$1';

This is url i send.

http://domain.com/index.php/admin/pms/index/2?

Why doesn't POST work?

Jørgen R
  • 10,568
  • 7
  • 42
  • 59
  • HTTP 505 error means ["version not supported"](http://www.checkupdown.com/status/E505.html). Are you sure this is what you are getting? Can you check the headers and see what error message you get? – Jørgen R Jan 21 '14 at 13:55
  • i got this error in header. `The action you have requested is not allowed.` –  Jan 21 '14 at 14:10
  • Are you posting with JavaScript? http://stackoverflow.com/questions/13924740/how-to-avoid-the-action-you-have-requested-is-not-allowed-error-with-knockout – Jørgen R Jan 21 '14 at 14:12
  • yes dear. i send request using javascript. –  Jan 21 '14 at 14:15
  • possible duplicate of [Action you have requested is not allowed error](http://stackoverflow.com/questions/10383483/action-you-have-requested-is-not-allowed-error) – Jørgen R Jan 21 '14 at 14:19
  • This error is got bout csrf protection. if i remove csrf code it is working perfectly. –  Jan 21 '14 at 14:29

1 Answers1

0

You have to include the CSRF hash name in your POST request:

$.post(
  SITE_URL + 'module/controller/function',
  {
    data: data,
    otherdata: somemoredata,
    csrf_hash_name: $.cookie('csrf_cookie_name')
  },
  function() { console.log('Yay'); }
);

Check out system/cms/config.php, setting $config['csrf_cookie_name'], to see what your cookie name is. 'csrf_cookie_name' is the default.

Other "solution" would be to turn off CSRF protection.

mgrueter
  • 1,400
  • 6
  • 15