How to include CSRF from Codeigniter into ajax data

Question

I am trying to pass some data into my Controller, but I\'m getting a 500 error. After some research, I discovered that it\'s caused by the CSRF token not being sent.

Answer 1

The token needs to be passed in the data argument of $.ajax.

This should work but see my notes below.

order['security->get_csrf_token_name(); ?>'] = 'security->get_csrf_hash(); ?>';

However, there are a few bad practices going on here. Mainly you should not use PHP in your javascript because this prevents you from being able to access the javascript as a separate file (this is good because browsers will cache it to make your page load faster and consume less bandwidth).

It's better to store the token in your order

html like this..

Then it will get serialized with the rest of your form data.

You can also store the URL in the form's action attribute. This will help your script gracefully degrade and also keeps the URL in one place instead of 2.

In the $.ajax call, use something like this url: $('#order').attr('action'), assuming #order is the actual form id.