[gavin1211]

Sorry, just starting out with grocery crud. When I try to add or edit records I am getting this error, please see attached screenshot. Screenshot is taken from google developer tools console window, on my edit screen. Does anyone know if this is a common problem. Is there a way to fix?

Many thanks.

[web-johnny]

Yeap it is a common problem you just use the csrf_protection = TRUE at the config of codeigniter (application/config/config.php) . Just change it to false and it will work fine.

The only way to solve this problem AND keep the csrf_protection to every other controller is the below walk around:

go to application/config/config.php and add :

list($tmp, $first_segment)  = explode("/",$_SERVER['PATH_INFO']);

$config['csrf_protection'] = $first_segment == 'main' ? false : true;

[left]This actually inactivates the csrf_protection only to “main” controller. You can of course change this idea to your needs. If you have a good authorization library I don’t think you will have a problem with this. The most common problems for the csrf_protection is to frontend website . Some auto bots, hacks e.t.c.[/left]

[gavin1211]

Thanks, after looking at the config.php file, I see that the setting is already set to false. Below is how it appeared when I first opened it.

[php]$config['csrf_protection'] = FALSE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;[/php]

[gavin1211]

I am receiving the same js errors when adding / editing. I have noticed that it seems to be the ->fields which seems to be causing problems. When I comment it out like below, I am able to add / edit cars fine.

[php]//$crud->fields('Make','Model','Price');[/php]

This is not want I want as I want to only show certain fields on my add / edit pages. Any ideas why this would be happening. Below is my full function code:

[php] public function stock()
{

$crud = new grocery_CRUD();
//$crud->set_theme('datatables');
$crud->set_table('stock');
$crud->set_subject('Car');

//set columns
$crud->columns('Picture1','Make','Model','Year','Registration');

//unset columns
$crud->callback_column('Picture1',array($this,'valueToEuro'));

//######### ADD/EDIT


//set relationships
$crud->set_relation('Make','carsmake','Make');
$crud->set_relation('Model','carsmodels','Model');

//set fields
//$crud->fields('Make','Model','Price');

//set picture uploads
$crud->set_field_upload('Picture1','dealer/images');

$stock = $crud->render();
$this->stock_output($stock);
}[/php]

Many thanks.

[web-johnny]

perhaps is that your fields are lowercase and you add everything with the first letter as Uppercase. For example try :

$crud->fields('make','model','price');

If this doesn't work, can you please post the structure of your table?

You have to change everything with the same logic. Grocery CRUD will auto-transform your strings into a first letter Uppercase. If you want something else you can just use the display_as method.

[gavin1211]

Thanks, I renamed all my columns to lowercase and now seems to be working fine. Many thanks for your time, patience and knowledge.

[sm1le]

Please help!

I am having the same error as in the topic.
The error occurs then CSRF protection is TRUE or FALSE, doesn't make the difference.
I don't use $crud->fields in my testing, just basic parameters.

When looking closely at the ajax requests, it seems that codeigniter is returning 301 Moved Permanently on those ajax requests

[sm1le]

nevermind, I just realized the problem was that Codigniter was set to always redirect to http://www.mysite.com but my $config['base_url'] was set to http://mysite.com

[casachit]

[quote name='web-johnny' timestamp='1332362722' post='878']
Yeap it is a common problem you just use the csrf_protection = TRUE at the config of codeigniter (application/config/config.php) . Just change it to false and it will work fine.

The only way to solve this problem AND keep the csrf_protection to every other controller is the below walk around:

go to application/config/config.php and add :

list($tmp, $first_segment)  = explode("/",$_SERVER['PATH_INFO']);

$config['csrf_protection'] = $first_segment == 'main' ? false : true;

[left]This actually inactivates the csrf_protection only to “main” controller. You can of course change this idea to your needs. If you have a good authorization library I don’t think you will have a problem with this. The most common problems for the csrf_protection is to frontend website . Some auto bots, hacks e.t.c.[/left]
[/quote]

hi web-johnny,

I hvae turned on csrf protection in my config file as follow.

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'abacdefghij';
$config['csrf_cookie_name'] = 'abacdefghij';
$config['csrf_expire'] = 7200;


grocery_crud is not giving me any error.. How can I generate error here?? because I am able to add edit do all the stuffs... Please can you specify possible problem might caused due to CSRF in grocery crud... I am using grocery crud 1.2.3

[web-johnny]

[member='casachit'] from version 1.2.3 and later the csrf_protection problem is fixed... however the problems that the csrf_protection causes are at codeigniter and I cannot do anything for this.

The main problem is the unstability. So in some cases Codeigniter throws this error in Internet Explorer 7 and 8. Moreover it is reported also that it has the same problem at Opera Browser too. I also mention this problem in IE 9 but as I said... sometimes!! It is really weird but it happens so I cannot deal with it anymore and it really takes me a lot of time to understand and fix the csrf_protection to work at the most of browsers. You can also see the history of opening and closing this issue again and again https://github.com/scoumbourdis/grocery-crud/issues/37

The question is do you really want to risk the stability of your project to have your system secure for some automated bots? I also write an article about 5 reasons to NOT use csrf_protection in Codeigniter I think that it would be interesting to read.

Cheers
Johnny