Cakephp 3.6 ajax 403 forbidden

bichomen · April 2, 2019, 12:34pm

When I post and attach a file, I get back error 403

I have read that it is a problem that the session expires when the answer is sent by ajax, I in app.php have:

  'Session' => [
        'defaults' => 'php',
    ],

So that shouldn’t be the problem. I have also tried disabling the Csrf component, but it doesn’t work either:

public function beforeFilter(Event $event) { 
         $this->eventManager()->off($this->Csrf);
}

I don’t know what to prove anymore.

FinlayDaG33k · April 2, 2019, 2:48pm

considering you’re sending it by using ajax, maybe just add the csrf token?

$.ajax({
  // ... ajax stuff
  headers: {
    'X-CSRF-Token': '<?= h($this->request->getParam('_csrfToken')); ?>'
  },
  // ... more ajax stuff
});

bichomen · April 3, 2019, 10:36am

Yes, in Controller:

public function initialize() {
  parent::initialize();      
  $this->loadComponent('Csrf');     
}

In the Layout/default.ctp:

<script>
var csrfToken = <?= json_encode($this->request->getParam('_csrfToken')) ?>;
</script>

In the jquery.js:

$.ajax({
	...
	...				
	headers: { 'X-CSRF-Token': csrfToken },
        ...
        ...
});

inspect Firefox:

csrf

Return:

403 Forbidden

FinlayDaG33k · April 3, 2019, 10:58am

If that’s the case, I think the issue lies somewhere else (eg. your webserver config).

bichomen · April 23, 2020, 11:55am

Topic		Replies	Views
CSRF error in Ajax POST request Need Help	5	4774	November 18, 2020
Ajax jquery cakephp 3 Need Help	11	635	March 4, 2020
Ajax jquery Error cakephp 3.6.10 (Solved) Need Help	8	8060	August 10, 2018
CakePHP 3.5 AJAX and CSRF Need Help	2	508	December 28, 2020
Keep getting the error "CSRF token mismatch" Need Help	4	16461	August 17, 2018