php - CodeIgniter 3 - 403 Forbidden on POST from jQuery.ajax() 异步请求
问题描述
我在 jQuery.ajax() 发布请求上收到 403 禁止错误。
应用程序/config/config.php
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_ghive';
$config['csrf_cookie_name'] = 'csrf_ghive';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = false;
应用程序/视图/billing.php
<input type="text" class="txt_csrfname" name="<?= $this->security->get_csrf_token_name(); ?>" value="<?= $this->security->get_csrf_hash(); ?>">
<button id="bill_client"><?php echo lang('pay'); ?></button>
<script type="text/javascript" src="<?php echo base_url(); ?>assets/customers/js/bill.js"></script>
资产/客户/js/bill.js
function add_bill_by_ajax(bill_object,bill_id){
// CSRF Hash
var csrfName = $('.txt_csrfname').attr('name'); // Value specified in $config['csrf_token_name']
var csrfHash = $('.txt_csrfname').val(); // CSRF hash
$.ajax({
url:base_url+"Bill/add_bill_by_ajax",
method:"POST",
data:{
order : bill_object,
sale_id : bill_id,
close_order : 0,
//csrf_test_name: $.cookie('csrf_ghive')
//'<?php echo $this->security->get_csrf_token_name(); ?>':'<?php echo $this->security->get_csrf_hash(); ?>'
[csrfName]: csrfHash
},
dataType: 'json',
success:function(response) {
if(response>0){
$('.txt_csrfname').val(response.token);
set_new_bills_to_view();
swal({
title: warning,
text: added_bill,
confirmButtonText:ok
});
}
},
error:function(){
console.log("403 Forbidden for ajax error");
swal({
title: warning,
text:'403 Forbidden for ajax error',
confirmButtonText:ok,
allowOutsideClick: false
});
}
});
}
应用程序/控制器/Bill.php
function add_bill_by_ajax(){
$bill_details = json_decode(json_decode($this->input->post($this->security->xss_clean('bill'))));
//this id will be 0 when there is new bill, but will be greater then 0 when there is modification
//on previous order
$bill_id = $this->input->post('bill_id');
$close_bill = $this->input->post('close_bill');
$data = array();
$data['token'] = $this->security->get_csrf_hash();
$data['customer_id'] = trim($bill_details->customer_id);
...
控制台错误
jquery-3.3.1.min.js:2 POST http://localhost/Bill/add_bill_by_ajax 403 (Forbidden)
send @ jquery-3.3.1.min.js:2
ajax @ jquery-3.3.1.min.js:2
add_bill_by_ajax @ custom.js:3764
(anonymous) @ bill.js:2362
dispatch @ jquery-3.3.1.min.js:2
y.handle @ jquery-3.3.1.min.js:2
网络错误
bill: "{\"customer_id\":\"1\",\"product_price_with_discount\":\"5000.00\",\"product_discount_amount\":\"0.00\",\"product_note\":\"\"}]}"
bill_id: 0
close_bill: 0
csrf_ghive: 6555e8953c1aee584cf2472c1ad14a4d
请注意,我已经查看了类似这样的其他问题,但我没有得到合适的解决方案:
在 Codeigniter 3 中禁止 POST url 403
带有 codeigniter 403 的 Ajax 请求(禁止)
403 禁止从 ajax 请求访问 CodeIgniter 控制器
ETC...
解决方案
Preset Apache mod_rewrite Flags 修改 RewriteRules 导致 AJAX 请求失败。解决方案是:
如果可以在主机上停用 mod_rewrite (不推荐)
从以下位置更改
.htaccess
codeigniter 安装:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php/$0 [PT,L]
RewriteCond $1 !^(index\.php|images|robots\.txt)
至:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
推荐阅读
- ruby-on-rails - 如何从 Rails 5 应用程序的表中的特定属性列表中获取 nil 而不是 nil 值的计数?
- javascript - 返回函数的函数如何工作?
- python - 如何在 Python 中将 DataFrame 的列更改为 DateTime?
- elasticsearch - 在elasticsearch中分组时如何更改字段值,使用正则表达式删除一些信息?
- python - 问题是生成一个带有字典的表。为什么键和值的方括号和大括号?
- java - 避免序列化视频并将其保存在设备上-Android
- latex - 这张桌子怎么画
- node.js - 如何将多个键重命名或映射到新的键名?
- css - 如何防止单边边框环绕边框半径?
- javascript - 功能标志或构建标志