fuel cms simple module CSRF update issue


When I enable CSRF protection in Fuel 1.4, I get a CSRF token reset issue.

Let me elaborate on the issue:

My config.php in application/config:

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 's_csrf_tocken';
$config['csrf_cookie_name'] = 's_csrf_cookie';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array();

In a simple module with the following fields:

name,profile_image ....

So whenever I create or edit, then upload a file in the profile image section, then return to the main form page of the module,

and try to save the form, it gives the error:

An Error Was Encountered

The action you have requested is not allowed.

because the CSRF token got changed in the iframe of the asset uploader, and in the main form the CSRF token is not updated.

Any solution for this issue?


1 Answer

Swarna Sekhar Dhar (best answer)

I have implemented a solution. I can't say it's very proper; it still has scope to improve. I used a controller to fetch the CSRF token:

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Returns the current CSRF token name and hash as JSON, so the parent admin
// page can refresh its hidden CSRF field after the iframe uploader has
// rotated the token. Only logged-in Fuel admin users making an AJAX request
// get an answer; everything else is a 404.
class Csrf_secure extends CI_Controller {

    function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->library('user_agent');
    }

    function get_csrf()
    {
        // Fuel admin login check; redirects away if not logged in.
        $this->fuel->admin->check_login();

        // Reject direct (non-AJAX) hits and requests without a referrer.
        if (trim($this->agent->referrer()) == '' OR $this->input->is_ajax_request() == FALSE)
        {
            show_404();
        }
        else
        {
            $this->output->set_content_type('application/json');
            echo json_encode(array(
                'token' => $this->security->get_csrf_token_name(),
                'hash'  => $this->security->get_csrf_hash()
            ));
        }
    }
}

Fetching and updating the token whenever a modal iframe is closed (this needs to be optimized so it is called only if an update occurred in the form):

/fuel/modules/fuel/assets/js/jquery/plugins/jqModal.js

altering the $.fn.jqmHide function as follows:

$.fn.jqmHide = function(t) {
    return this.each(function() {
        $.jqm.close(this._jqm, t);

        // Define the refresh helper once on the parent (admin) window.
        // At top level window.parent is the window itself, so this also
        // works when jqModal runs directly in the admin page.
        if (typeof window.parent.CallParent == "undefined") {
            window.parent.CallParent = function(context) {
                // Ask the Csrf_secure controller for the live token name and hash.
                $.getJSON(jqx_config.basePath + "csrf_secure/get_csrf", function(result) {
                    if (typeof result.token != "undefined") {
                        // Overwrite every hidden CSRF field whose id is the token name
                        // (assumes the hidden input is rendered with id = token name).
                        document.querySelectorAll('#' + result.token).forEach(function(rf) {
                            rf.value = result.hash;
                        });
                    }
                });
            };
        }

        // Refresh the parent form's token every time a modal is closed.
        window.parent.CallParent(this._jqm, t);
    });
};