I am trying to pass some data into my Controller, but I’m getting a 500 error. After some research, I discovered that it’s caused by the CSRF token not being sent.
It seems like I need to include this along with the data: <?php echo $this->security->get_csrf_token_name(); ?>:"<?php echo $this->security->get_csrf_hash(); ?>"
My JS is pretty weak, so I’m a little confused on how to alter this to include the above.
<script type="text/javascript">
$(document).ready(function() {
$("#order").sortable({
update : function (event, ui) {
order = $('#order').sortable('serialize');
$.ajax({
url: "<?=base_url().'admin/category/update_order'?>",
type: "POST",
data: order,
success: function(response){
console.log(response);
}
});
}
});
}
);
</script>
The token needs to be passed in the
dataargument of$.ajax.This should work but see my notes below.
order['<?php echo $this->security->get_csrf_token_name(); ?>'] = '<?php echo $this->security->get_csrf_hash(); ?>';However, there are a few bad practices going on here. Mainly you should not use PHP in your javascript because this prevents you from being able to access the javascript as a separate file (this is good because browsers will cache it to make your page load faster and consume less bandwidth).
It’s better to store the token in your order
<form>html like this..<input type="hidden" name="<?php echo $this->security->get_csrf_token_name(); ?>" value="<?php echo $this->security->get_csrf_hash(); ?>" />Then it will get serialized with the rest of your form data.
You can also store the URL in the form’s action attribute. This will help your script gracefully degrade and also keeps the URL in one place instead of 2.
In the
$.ajaxcall, use something like thisurl: $('#order').attr('action'),assuming #order is the actual form id.