Cakephp 3.6 ajax 403 forbidden

#1

When I post and attach a file, I get back error 403

I have read that it is a problem that the session expires when the answer is sent by ajax, I in app.php have:

  'Session' => [
        'defaults' => 'php',
    ],

So that shouldn’t be the problem. I have also tried disabling the Csrf component, but it doesn’t work either:

public function beforeFilter(Event $event) { 
         $this->eventManager()->off($this->Csrf);
}

I don’t know what to prove anymore.

0 Likes

#2

considering you’re sending it by using ajax, maybe just add the csrf token?

$.ajax({
  // ... ajax stuff
  headers: {
    'X-CSRF-Token': '<?= h($this->request->getParam('_csrfToken')); ?>'
  },
  // ... more ajax stuff
});
0 Likes

#3

Yes, in Controller:

public function initialize() {
  parent::initialize();      
  $this->loadComponent('Csrf');     
}

In the Layout/default.ctp:

<script>
var csrfToken = <?= json_encode($this->request->getParam('_csrfToken')) ?>;
</script>

In the jquery.js:

$.ajax({
	...
	...				
	headers: { 'X-CSRF-Token': csrfToken },
        ...
        ...
});

inspect Firefox:

csrf

Return:

403 Forbidden

0 Likes

#4

If that’s the case, I think the issue lies somewhere else (eg. your webserver config).

0 Likes