Cakephp 3.6 ajax 403 forbidden

When I post and attach a file, I get back error 403

I have read that it is a problem that the session expires when the answer is sent by ajax, I in app.php have:

  'Session' => [
        'defaults' => 'php',

So that shouldn’t be the problem. I have also tried disabling the Csrf component, but it doesn’t work either:

public function beforeFilter(Event $event) { 

I don’t know what to prove anymore.

1 Like

considering you’re sending it by using ajax, maybe just add the csrf token?

  // ... ajax stuff
  headers: {
    'X-CSRF-Token': '<?= h($this->request->getParam('_csrfToken')); ?>'
  // ... more ajax stuff
1 Like

Yes, in Controller:

public function initialize() {

In the Layout/default.ctp:

var csrfToken = <?= json_encode($this->request->getParam('_csrfToken')) ?>;

In the jquery.js:

	headers: { 'X-CSRF-Token': csrfToken },

inspect Firefox:



403 Forbidden

If that’s the case, I think the issue lies somewhere else (eg. your webserver config).