Codeigniter form_open_multipart showing 403 Forbidden (CSRF)

Question

I am trying to post data though ajax post but somehow unable to post . am getting 403 forbidden. Fortunately my other ajax posts are submitting properly as they are getting right re-generated token. But in form_open_multipart it's not working.

CI config

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'my_token';
$config['csrf_cookie_name'] = 'my_cookie';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array();

form_open is working well, but in the case of multi part it's not working well !!!!

my HTML

<?php $parameter = array('id' => 'frm_id', 'class' => 'form-horizontal'); echo form_open_multipart('controller/save',$parameter) ;?>
<div class="form-body">
    <div class="form-group">
        <label class="col-md-3 control-label">Name</label>
        <div class="col-md-6">
            <div class="input-icon">
                <i class="fa fa-bell-o"></i>
                <input type="text" id="catId" class="form-control " placeholder="Type Something..." name='name' /> 
            </div>
        </div>
    </div>
    <div class="form-group">
        <label class="col-md-3 control-label">Description</label>
        <div class="col-md-6">
            <div>
                <textarea class="form-control" rows="3" name="description"></textarea>
            </div>
        </div>
    </div>
    <div class="form-group">
        <label class="col-md-3 control-label">Image 1</label>
        <div class="col-md-6">
            <div>
                <input type="file" name="thumb_image">
            </div>
        </div>
    </div>
    <div class="form-group">
        <label class="col-md-3 control-label">Image 2</label>
        <div class="col-md-6">
            <div>
                <input type="file" name="banner_image">
            </div>
        </div>
    </div>
</div>
<div class="form-actions">
    <div class="row">
        <div class="col-md-offset-3 col-md-9">
            <button type="submit" class="btn btn-flat green">Submit</button>
            <button type="button" class="btn btn-flat grey-salsa">Cancel</button>
        </div>
    </div>
</div>
<?php echo form_close() ;?>

My JS

<script type="text/javascript">
    var frmSave = $('#frm_id'); 
    frmSave.on('submit', function(event){
        event.preventDefault();
        $form=$(this);
        var fd = new FormData($('#frm_id')[0]);
        $.ajax({
            url: $form.attr('action'),
            type: $form.attr('method'),
            dataType: 'json',
            data: fd,
            contentType: false,
            cache: false,  
            processData: false,
            success: function(data){
                console.log(data)
            }
        })             
    });
</script>

Still I am getting this message

An Error Was Encountered. The action you have requested is not allowed.

Are you using virtual host url? I find that works better than a localhost url — , Jun 01 '18 at 21:50
can you look in the post vars to see if the crsf token name and hash are getting sent? this should be available in dev tools in your browser for the particular request — Alex, Jun 01 '18 at 22:33
Thank you guys for your reply. Every time its sending same token, can't I setup anything before ajax send. :( — Gobinda Nandi, Jun 02 '18 at 21:41

score 0 · Accepted Answer · answered Nov 01 '22 at 17:57

var vl = "; " + document.cookie;
var pr = vl.split("; csrf_cookie=");
var obj; if (pr.length == 2) { obj = pr.pop().split(";").shift(); }

using this variable in the ajax body section like

data : '<?php echo $this->security->get_csrf_token_name(); ?>': obj

Now it's working fine.

Codeigniter form_open_multipart showing 403 Forbidden (CSRF)

1 Answers1