我对这个禁止的问题感到困惑。首先,我检查了相关的stackoverflow帖子和googled足够但仍然不知道。
项目详情:
- Currently used libraries:
1. Carabiner (https://github.com/bcit-ci/CodeIgniter/wiki)
2. Template (https://github.com/jenssegers/codeigniter-template-library)
3. hmvc
3. instagram_api
- CSRF Protection turned on (I don't want false the protection)
- Followed main posts
1. https://stackoverflow.com/questions/40225908/ajax-post-not-working-codeigniter
2. https://stackoverflow.com/questions/22527412/403-forbidden-access-to-codeigniter-controller-from-ajax-request
- ISSUE: 403 Forbidden ("The action you have requested is not allowed.")
HTML
instagram.php
form_open()函数为访问令牌生成隐藏字段,它包含在ajax发布数据中。
<input type="hidden" name="csrf_token_localhost" value="3f5887fd41ac4eaa9b558afa7cb4a6de">
...
<?php echo form_open('admin/getInstagramAccessToken', array('id' => 'instagram_settings', 'class' => 'form-horizontal row-border')); ?>
...
<div class="col-sm-8 col-sm-offset-2">
<?php echo form_submit('submit', 'Get my access token', ['class' => 'btn-primary btn btn-get-token']); ?>
</div>
...
<?php echo form_close(); ?>
使用Javascript
adminscript.js
$('#instagram_settings').submit(function( event ) {
var posting_data = $( this ).serializeArray();
event.preventDefault();
$.ajax({
type: 'POST',
dataType: 'json',
async: true,
cache: false,
data: posting_data,
url: 'admin/getInstagramAccessToken',
success: function(json) {
try{
console.log(json);
}catch(e) {
console.log('Exception while request..');
}
},
error: function(jqXHR, textStatus, errorThrown) {
console.log(jqXHR, textStatus, errorThrown);
},
complete: function() {
console.log('ajax complete');
}
})
调节器
admin.php的
public function getInstagramAccessToken()
{
if ($this->input->is_ajax_request())
{
$response['status'] = 'success';
echo json_encode($response);
}
else
{
// if the request if not ajax then show 404 error page
show_404();
}
}
当我将csrf保护状态设为false时,它们都能正常工作。或者当我将帖子类型从“post”更改为“get”时。但我想保持状态为真,并使用“post”方法。
两个图像的Dropbox链接:
https://www.dropbox.com/sh/e93ubgwzv9zir5j/AAA6vf5IWc1m7rtpGWGCpub4a?dl=0