php 在没有表单的情况下获取 Codeigniter CSRF 令牌?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13387091/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Getting Codeigniter CSRF token without a form?
提问by Motive
I have CSRF protection enabled on my site, but the only time the CSRF token is placed in a hidden field is when form_close()is used. I am posting data via ajax and need to send the CSRF as well to prevent the 500 errors.
我在我的站点上启用了 CSRF 保护,但是 CSRF 令牌被放置在隐藏字段中的唯一时间是何时form_close()使用。我正在通过 ajax 发布数据,并且还需要发送 CSRF 以防止 500 错误。
I thought there was a way to explicitly embed the CSRF token into the page, but I can't seem to find it.
我认为有一种方法可以将 CSRF 令牌显式嵌入到页面中,但我似乎找不到它。
How can I get the CSRF token when there isn't a form on the page?
当页面上没有表单时,如何获取 CSRF 令牌?
回答by Narf
You can get the CSRF token name and value via the security class:
您可以通过安全类获取 CSRF 令牌名称和值:
$this->security->get_csrf_hash();
$this->security->get_csrf_token_name();
回答by Rayiez
Add it to the form this way
以这种方式将其添加到表单中
<input type="hidden" name="<?php echo $this->security->get_csrf_token_name(); ?>" value="<?php echo $this->security->get_csrf_hash(); ?>">
回答by Mohammad Heydari
Here is an example that shows you how to enable CSRF Attack mode :
这是一个示例,向您展示如何启用 CSRF 攻击模式:
<script>
var cct = '<?php echo $this->security->get_csrf_hash() ?>';
var get_csrf_token_name = '<?php echo $this->security->get_csrf_token_name() ?>';
$.ajaxSetup({
type:'post',
data:{ <?php echo $this->security->get_csrf_token_name() ?> :cct}
});
var siteurl = '<?= site_url()?>';
</script>