Send CSRF token with datatable ajax

VitaliyVitaliy Posts: 8Questions: 0Answers: 0
edited June 2015 in Free community support
$('#invoices').dataTable({
    "searchHighlight": true,
    "order": [[ 0, "desc" ]],
    "serverSide": true,
    "ajax": {
        type: "POST",
        data: {
            'request': 'get_users_invoices',
            'csrf_token': $('meta[name=csrf_token]').attr("content")
        },
        dataSrc: function ( json ) {
            if (json.csrf_token !== undefined) $('meta[name=csrf_token]').attr("content", json.csrf_token);
            return json.data;
        }
    }
    .....................

When the page is loaded, the table works (the token is sent successfully) and the new token comes in the answer, but upon transition to another page, a token isn't sent. It seems to me that at change of the page the ajax isn't sent.

Replies

  • VitaliyVitaliy Posts: 8Questions: 0Answers: 0

    If I remove the CSRF check on the server side, the table works perfectly.

  • allanallan Posts: 63,683Questions: 1Answers: 10,498 Site admin

    Can you link to the page showing the issue please.

    Allan

  • VitaliyVitaliy Posts: 8Questions: 0Answers: 0

    Sorry, but I work on localhost.

    Server-side part:

    if(isset($_POST['request']) && $_POST['request'] == "get_users_invoices" && MAIN::check_csrf_token(isset($_POST['csrf_token'])?$_POST['csrf_token']:NULL)) {
        INVOICES::get_user_invoices(isset($_SESSION['u'])?$_SESSION['u']:NULL); 
    }
    

    class

    $columns = array(
               array( 'db' => 'id', 'dt' => 0 ),
               array( 'db' => 'payment_description',  'dt' => 1 ),
               array( 'db' => 'payment_status',   'dt' => 2 ),
               array( 'db' => 'id',   'dt' => 3 ),
            );
    
            return MAIN::json_answer(SSP::simple( $_POST, array('user' => DB, 'pass' => DB, 'db'   => DB, 'host' => DB), 'invoices', 'id', $columns, "user_id='$user_id'"), 'csrf_token');
    
  • VitaliyVitaliy Posts: 8Questions: 0Answers: 0
    edited June 2015

    The CSRF system works perfectly, and I found where the problem is, but I don't know how to solve it.

    SUCCESS: get: d2458862462e1667f8420de7a2e53b8f | correct: d2458862462e1667f8420de7a2e53b8f
    Error: get (and already old): d2458862462e1667f8420de7a2e53b8f | correct: 78f0831d66a0ce52999b44d94603b357
    

    At change of the page the previous request is used, with an old key which is no longer present, but the code

     $('meta[name=csrf_token]').attr("content")
    

    which is used receives the right key.

  • VitaliyVitaliy Posts: 8Questions: 0Answers: 0

    Perhaps the request is cached?

    This CSRF system works perfectly with other ajax-based functions; I have a problem only with DataTables.

  • VitaliyVitaliy Posts: 8Questions: 0Answers: 0

    https://datatables.net/examples/server_side/pipeline.html

    I think it's my problem, but I don't know how to solve it)

  • allanallan Posts: 63,683Questions: 1Answers: 10,498 Site admin

    Oh you are using pipelining? That wasn't clear from your original post.

    If so you need to modify the pipeline code, where it makes the $.ajax call to include your token.

    Allan

  • VitaliyVitaliy Posts: 8Questions: 0Answers: 0

    Now I don't use it, but:
    I found the solution: instead of a regular request, I decided to use full caching of all pages. And the last question: what is bad about full caching (what is the maximum number of records)?

  • VitaliyVitaliy Posts: 8Questions: 0Answers: 0

    My original problem (I'm still interested in it):
    first request, a request with the following params:

    var token = 1111;
    data:{ 'request':'get_users_invoices', 'csrf_token':1111},
    

    success response
    second page, second response

    var token = 2222;
    data:{ 'request':'get_users_invoices', 'csrf_token': 1111},
    

    Error response, token = 2222, but in the sent request csrf_token = 1111,
    and I can't understand why ;(

  • allanallan Posts: 63,683Questions: 1Answers: 10,498 Site admin

    Without a test case, I'm afraid there is very little that I can do to offer any help.

    All I can say is that the code above will send 1111 as the csrf token, since that is the value assigned to that parameter.

    Allan

This discussion has been closed.
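
Added example, not part of the original thread and not DataTables code: a small Node simulation of the behaviour discussed above, where a one-time CSRF token placed in `ajax.data` as an object is captured once at initialisation, while `ajax.data` given as a function is re-evaluated for every request. `makeServer`, `makeClient`, `run` and the `tok-N` values are constructed stand-ins for the server check, the table and the meta tag.

```javascript
// Constructed stand-in for a server with one-time CSRF tokens: each accepted
// request invalidates the current token and returns a fresh one.
function makeServer() {
  let n = 1, current = 'tok-' + n;
  return {
    initialToken: current,
    handle(body) {
      if (body.csrf_token !== current) return { status: 403 };
      current = 'tok-' + (++n);
      return { status: 200, csrf_token: current, data: [] };
    },
  };
}

// Constructed stand-in for the page. `meta` plays the <meta name="csrf_token">
// tag; draw() mimics one table draw: an object given as ajax.data is merged
// as-is, a function given as ajax.data is called for every request.
function makeClient(server, buildAjax) {
  const meta = { content: server.initialToken };
  const ajax = buildAjax(meta); // evaluated once, like the table initialiser
  return {
    draw(page) {
      const body = { start: page * 10, length: 10 };
      if (typeof ajax.data === 'function') ajax.data(body);
      else Object.assign(body, ajax.data);
      const res = server.handle(body);
      if (res.csrf_token !== undefined) meta.content = res.csrf_token; // dataSrc step
      return res.status;
    },
  };
}

// Form used in the question: the token is read once, when the options are built.
const staticData = (meta) => ({
  data: { request: 'get_users_invoices', csrf_token: meta.content },
});

// Function form: the token is read again for every request.
const dynamicData = (meta) => ({
  data: (d) => { d.request = 'get_users_invoices'; d.csrf_token = meta.content; },
});

// Status codes for `pages` consecutive draws against a fresh server.
function run(buildAjax, pages) {
  const client = makeClient(makeServer(), buildAjax);
  return Array.from({ length: pages }, (_, p) => client.draw(p));
}

console.log(run(staticData, 3), run(dynamicData, 3)); // [200, 403, 403] [200, 200, 200]
```

In the table options from the first post, the function form would read `data: function (d) { d.request = 'get_users_invoices'; d.csrf_token = $('meta[name=csrf_token]').attr('content'); }`.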