I am using codeigniter 3.0.6. Currently working on one page website where there is a search functionality. I have enabled the csrf_protection option in the codeigniter's config file, and used form_open() function to create form.
When I press submit button the search functionality works well, but after submit the form when I refresh the page (with any functionality to refresh the page ie. from keybord or browser refresh) then CSRF doesn't work and display the error "The action you have requested is not allowed.".
Note : I am using post method to submit the form & set csrf_regenerate to true.
The problem is with $config['csrf_regenerate'] = TRUE; set it to FALSE instead.
When TRUE every time you POST to the server the CSRF token changes value. The page must be fully reloaded in order for to receive the new token. A back button won't fully reload the page but the browser's refresh/reload button should.
Related
I have created the project which has login page login.blade.php which has only Regno to login-in.
once it login is the success it will redirect to home.blade.php and it followed by 4 more pages when clicking of next button in each page
page2.blade.php,page3.blade.php,page4.blade.php,page5.blade.php and finally, it should redirect to login page itself. The problem is the browser back button should not allow it to go back to the previous page.
can anyone suggest me how to create middleware for this?
thank you.
The browser's back button is not controlled by the server, where Laravel runs. There is no way for you to block it or interact with it in any way inside your PHP code.
What you can do is send XMLHHTTPRequest (XHR) with JavaScript. They ensure that on a button click you will stay on the same page in the browser and then your JS-code can read the server response (your rendered page templates) and replace the current content with the one from that response. You can read more on this when you google for AJAX, e.g. this article: https://www.sitepoint.com/use-jquerys-ajax-function/
Read this thing. I once implemented in the same way. By setting cache control in response header.
https://stackoverflow.com/a/51821808/10239067
I am using ng:Disabled directive for disabling my submit button. Its working fine its not enabling until all the required input fields are getting filled, but when I am inspecting the element using Google chrome firebug console and manually delete the disabled attribute from submit button then its get "Enabled" and form is submitted. So my question is that how to handle this type of problem. There are any option to checking validate from controller and enable/disable submit button from controller.
Please give me some suggestion for this.
Basically I am referring this url: http://docs.angularjs.org/api/ng.directive:ngDisabled
Ensure your form doesn't have an action attribute, and hook up
the ng-submit
directive of the form element or the
ng-click
directive on the first button or input field of type submit.
See form for more details.
From that event handler you can perform additional validations and send form only if validation is OK or show an error otherwise.
i have a form that it send data with ajax post metod. when i set flashmessenger in action method, it don`t show any messege (i have to refresh the page for see the messege)!
how i can manage the flashmessenger for recognition ajax load page??
Flashmessenger uses sessions, in order for it to work you need to physically reload the page. You have to create your own mechanism; Whenever you get the callback you can append lets say your response to the same element in which you would have displayed the flashmessanger message.
I have a very strict requirement to use POST to pass in request parameters to my application upon entry. Once entering the application (page1), entering form information and continuing to the next page (page2) via a commandButton, the expectation is that the data will be posted and later read from a session scoped manage bean. All works well except when using browser back on page2 to navigate back to page1.
I have tried adding a redirect tag on the navigation rule that navigates from page1 to page2 to no avail. I have also tried this implementation of the Post-Get-Redirect pattern (http://balusc.blogspot.com/2007/03/post-redirect-get-pattern.html). Am I missing something obvious here?
Abel, the scope of page1 is request.
The solution we came up with which is no means ideal is to disable browser caching on the previous page. What this means is that whenever you refresh the page using the browser refresh button or click the browser back button, the browser will indicate that the page is expired and prompt a warning asking whether you want to re-submit the request.
We do have a work around which is to provide navigation buttons within the webpage but the idea was to support browser back. This would be easy using GET parameters, but POST provides additional complexity which we have decided to mitigate by by providing our in-house navigation buttons.
Its really hard to search the any combination of keywords in search engine about this because it used by most popular developer wanted a custom autocomplete by ajax.
Most developer search about the custom autocomplete to get result from db by ajax or about how to disable browser autocomplete due to security reason or they wantted to use another autocomplete extender.
However I am not talking about the autocomplete. I finding about simple normal browser autocomplete or browser saved form either IE or FF that will act like dropdown recent choice during filling a text in a textbox.
It simple and normal filling a form like username and password in a login form. After the form submitted (the form data post) browser will save the autocomplete or event in FF will ask to save along with the password.
Now, think about the login submitted via ajax. The form data not automatically saved by either IE or FF simply because the form not sent by post method. I am pretty sure it is because of ajax vs post method.
CMS like DotNetNuke using this way and its really hard to me to type username and password for 5 user login for development purpose, event I want to let user save their own form data in the browser without any custom or extender. By another example, user can see and use same email to fill an any email form across web site or domain.
How to workaround with this?
Did you have suggestion what keywords is more suitable to search?
CallMeLaNN
I'm having the same problem. I was able to solve it for FireFox by adding a hidden iframe that I submit via JavaScript before doing my AJAX post. I still haven't found anything that works in Chrome/IE.
I've been faced with same issue and searched a bit. I think the solution below is the most convenient way to solve this if you have a login page. If we consider the login submitted via ajax, none of the browsers remember or offer autocomplate feature for user name and password field additionally ask to remember the credentials. But if you use the javascript submit feature (Probably it's not compatible with older versions of browsers), All of the browsers offers to save the username and password except IE. But I've found another javascript tricky for IE to make it offer to save username and password.
In my login page, I've handled the username and password and send them to serverside by ajax request and if the login is succeeded, i submitted the form by the method below otherwise It had been shown an Alert box to the user that the login was failed.
Please Check the link below:
[EDIT]: Link is broken
There is a fixed page about this issue in the page linked, i can not give you another link because of my reputation. Please search for the quotation below in the page:
Look at the fixed page.
Of course,this approach does not fit if you have a login section in the default page because of the form submitting. This causes the page flickering. I wonder if someone has an idea about it?
Here is some unobstrusive js jQuery code that will submit a form both via ajax ($.post method) to a real backend script and also to a dummy script via an iFrame, so the browser will save the submitted data for subsequent autocompletion.
This is working great under chrome. Any feedback is more than welcome!
var formframesindex = 0;
function onSubmitAjax(evt){
var $form = $(this);
var framesubmitting = $form.hasClass('framesubmitting');
var action = $form.attr('action');
var original_action = action;
if(!framesubmitting){
$.post(action,$form.serialize()+"&ajax=1", function(responseText,message,request){
formResponseHandler(responseText);
}, "json");
formframesindex++;
var formframe = $("<iframe name='formframe_id_"+(formframesindex)+"' id='formframe_id_"+(formframesindex)+"' class='formframe' src='/fakeformreceiver.php'></iframe>");
$('body').append(formframe);
var target = $form.attr('target');
$form.data('originaltarget',target);
$form.data('originalaction',original_action);
$form.attr('target','formframe_id_'+formframesindex);
$form.attr('action','/fakeformreceiver.php');
$form.addClass('framesubmitting');
$form.submit();
} else {
var current_target = $form.attr('target');
var original_action = $form.data('originalaction');
var original_target = $form.data('originaltarget');
var $frame = $('#'+current_target);
setTimeout(function(){
if($frame && $frame.length){
$frame.remove();
}
$form.attr('action',original_action);
$form.attr('target',original_target);
$form.removeClass('framesubmitting');
},100);
}
return framesubmitting;
}