Question
CodeIgniter gives an error "The action you have requested is not allowed." when it fails the check for CSRF. As I understand it, this means the POST is missing the hidden token from the form that proves that an attack is not being done.
The token is generated automatically with a call to the CI form_open function.
In my case, I'm using Knockout to post the contents of a ViewModel for saving, like this:
ko.utils.postJson($("form")[0], self.pages);
I've found solutions elsewhere that simply turn off the CSRF setting for the specific page, but that doesn't seem like a good solution.
Presumably because the token is not being received, the postJson call is not submitting the existing form. Is there a way to either submit the required token along with the JSON data or submit the JSON data with the existing form?
Answer 1:
Try to use form_open() and form_close, all form helper functions that will help.
Or: I think it's from a time zone difference, as the Security class depends on time for hashing.
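One way to send the token along with the Knockout post, as an added example that is not part of the original question or answer: it reads the hidden field that form_open() rendered and passes it through the `params` option of `ko.utils.postJson`. The helper names are hypothetical, and the field name `csrf_test_name` is assumed to be CodeIgniter's default `csrf_token_name`; the form and Knockout objects in `demo()` are constructed stand-ins.

```javascript
// Added example: helper names are hypothetical; 'csrf_test_name' is assumed
// to be the token field name (CodeIgniter's default csrf_token_name).
const CSRF_FIELD = 'csrf_test_name';

// Read the hidden CSRF field that form_open() rendered into the form.
// Works with a real HTMLFormElement (form.elements supports lookup by name).
function readCsrfToken(form, fieldName = CSRF_FIELD) {
  const field = form && form.elements ? form.elements[fieldName] : undefined;
  const value = field && typeof field.value === 'string' ? field.value.trim() : '';
  if (!value) {
    // Fail closed: posting without the token only produces the
    // "The action you have requested is not allowed." error.
    throw new Error('CSRF field "' + fieldName + '" not found in form');
  }
  return value;
}

// Post `data` through Knockout, adding the token as an extra form parameter
// via the `params` option of ko.utils.postJson.
function postJsonWithCsrf(ko, form, data, fieldName = CSRF_FIELD) {
  const params = {};
  params[fieldName] = readCsrfToken(form, fieldName);
  const options = { params: params };
  ko.utils.postJson(form, data, options);
  return options;
}

// Constructed sample input: a stand-in for the page's form and for Knockout,
// so the example runs outside a browser.
function demo() {
  const sampleForm = {
    action: '/pages/save',
    elements: { csrf_test_name: { value: 'constructed-token-value' } },
  };
  const calls = [];
  const fakeKo = { utils: { postJson: (f, d, o) => calls.push({ f, d, o }) } };
  postJsonWithCsrf(fakeKo, sampleForm, [{ title: 'Home' }]);
  return calls;
}
```

On the page itself the call from the question becomes `postJsonWithCsrf(ko, $("form")[0], self.pages);`, which keeps CSRF protection enabled instead of disabling it for the page.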
Source: https://stackoverflow.com/questions/13924740/how-to-avoid-the-action-you-have-requested-is-not-allowed-error-with-knockout