CSFR validation and Ajax calls

WilsonC · May 12, 2009, 7:08am

Hi,

I want to be able to use CSFR to validate my forms on POST, but it interferes with the following ajax calls, based on code from the Yii skeleton app.



    if (confirm('Are you sure you want to delete this?')) {


        $.post($(this).attr('href'), {}, function(response){


        });


        $(this).parent().parent().fadeOut("slow");


    }

Is there anyway i can either:

Ignore the CSRF validation for Ajax POSTs (i don't want to use GET for this as it's a delete request)
Can i even include a dummy form and use that form's hidden CSRF input value to validate the submission?

qiang · May 12, 2009, 12:37pm

Yes, you can enclose the link with a dummy form. The link will automatically use that form to submit.

WilsonC · May 12, 2009, 2:55pm

Which means i would have to enclose every link with a form which isn't really what i had in mind in terms of clean HTML. Thanks anyway.

yugenekr · September 8, 2009, 12:55pm

Hi all!

I think if there could be another better solution then having unneccessary markup?

I’m having this issue when sending ajax post request without any need in form.

will be gratefull for ur ideas.