The Csrf Token Could Not Be Verified In Ajax Request [Solved]

Hello,

After enabling CHttpRequest::enableCsrfValidation, I get this error:


The CSRF token could not be verified

jQuery function:

    function submitSearch(){
        // . . . . .
        $.ajax({
            type: 'post',
            url: "search/index",
            data: {
                searchItem: $('#searchItem').val(),
                category: $('#category').val(),
                subCategory: $('#subCategory').val(),
                YII_CSRF_TOKEN: $('input[name="YII_CSRF_TOKEN"]').val()
            }
        });
        return false;
    }
    // . . . .



search/index:

    public function actionIndex()
    {
        if(isset($_POST['searchItem']) && $_POST['searchItem']!==null)
            Yii::app()->user->setState('searchItem',$_POST['searchItem']);
        $title=Yii::app()->user->getState('searchItem');

        if(isset($_POST['category']) && $_POST['category']!==null)
            Yii::app()->user->setState('category',(int)$_POST['category']);
        $category=Yii::app()->user->getState('category');

        if(isset($_POST['subCategory']) && $_POST['subCategory']!==null)
            Yii::app()->user->setState('subCategory',(int)$_POST['subCategory']);
        $subCategory=Yii::app()->user->getState('subCategory');

        $criteria = new CDbCriteria();
        $criteria->condition="status=:Verified or status=:Active";
        $criteria->params=array(':Verified'=>Advert::Verified,':Active'=>Advert::Active);
        if(!empty($title)) $criteria->compare('title',$title,true);
        if(!empty($category)) $criteria->compare('category_id',$category);
        if(!empty($subCategory)) $criteria->compare('sub_category_id',$subCategory);

        $sort = new CSort();
        $sort->defaultOrder=array(
            'leaf'=>CSort::SORT_DESC,
            'type'=>CSort::SORT_ASC,
        );

        $dataProvider = new CActiveDataProvider('Advert',array(
            'criteria'=>$criteria,
            'sort'=>$sort,
            'pagination'=>array(
                'pageSize'=>10,
            ),
        ));

        if((empty($dataProvider->data)))
            Yii::app()->user->setFlash('!found',Yii::t('application','Not found a result!'));

        if(Yii::app()->request->isAjaxRequest)
            $this->renderPartial('index',array('dataProvider'=>$dataProvider));
        else
            $this->render('index',array('dataProvider'=>$dataProvider));
    }



Do I have to manually verify the CSRF token?

Every POST request by default needs to include the CSRF token in the data. If your page contains a form rendered using CForm or CActiveForm, it should contain a hidden field. Just include that in the ‘data’ when you make your AJAX request.

From my experience it’s good to keep using GET/POST as they were intended to, that is, use GET only to retrieve data, without any modification, and POST when the data changes in your permanent storage (the database). Don’t mix them; this will help further down the road. You will always know what a request was supposed to do just by looking at whether it’s a GET or POST.

My code was correct, I only had to set the CSRF token in a proper place. The function submitSearch() was not related to my code. Sorry, friends :).
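
The check discussed in this thread, as an added example that is not part of the original posts and not Yii's own code: a small JavaScript model of double-submit validation, assuming the server compares the posted `YII_CSRF_TOKEN` field with the value held in the CSRF cookie. The helper names, the sample token and the search values are constructed for illustration.

```javascript
// Added example: a model of a double-submit CSRF check (assumption), not Yii source.
const TOKEN_NAME = 'YII_CSRF_TOKEN'; // field name used in the thread

// Client side: copy the form fields and attach the token read from the page.
// `pageToken` stands for $('input[name="YII_CSRF_TOKEN"]').val(), which is
// undefined when the page contains no such hidden input.
function buildPostData(fields, pageToken) {
  const token = pageToken == null ? '' : String(pageToken);
  return Object.assign({}, fields, { [TOKEN_NAME]: token });
}

// Compare two strings without returning early on the first differing character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server side (model): a POST passes only if the posted token is non-empty
// and equals the cookie token. Non-POST requests are not checked here.
function verifyCsrf(method, post, cookies) {
  if (method.toUpperCase() !== 'POST') return { ok: true };
  const sent = String(post[TOKEN_NAME] || '');
  const expected = String(cookies[TOKEN_NAME] || '');
  if (sent.length > 0 && constantTimeEqual(sent, expected)) return { ok: true };
  return { ok: false, error: 'The CSRF token could not be verified' };
}

// Constructed sample data: cookie token and search fields.
const cookieJar = { [TOKEN_NAME]: 'c0ffee00c0ffee00c0ffee00c0ffee00c0ffee00' };
const search = { searchItem: 'bike', category: '3', subCategory: '12' };

function demo() {
  const good = buildPostData(search, cookieJar[TOKEN_NAME]);
  const missing = buildPostData(search, undefined); // selector matched nothing
  const wrong = buildPostData(search, 'a'.repeat(40)); // value not from the cookie
  return {
    tokenFound: verifyCsrf('POST', good, cookieJar),
    tokenMissing: verifyCsrf('POST', missing, cookieJar),
    tokenWrong: verifyCsrf('POST', wrong, cookieJar),
    plainGet: verifyCsrf('GET', {}, cookieJar),
  };
}

console.log(demo());
```

The `tokenMissing` case is the one to check first when an AJAX POST fails this way: the request is sent, but the token field is empty because the selector found no hidden input on the page.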