Javascript 在表单提交时,通过php文件获取CSRF并将值传递给请求
如果符合条件,我将以50分奖励这个问题 我有一个向上投票的系统,类似于这里的投票方式 当用户通过Javascript 在表单提交时,通过php文件获取CSRF并将值传递给请求,javascript,jquery,forms,Javascript,Jquery,Forms,如果符合条件,我将以50分奖励这个问题 我有一个向上投票的系统,类似于这里的投票方式 当用户通过进行投票时,我希望submit to首先点击“get csrf.php”获得一个csrf密钥,然后将该值传递给请求 我怎样才能做到这一点 jQuery代码: jQuery('.votetopicform').submit(ajaxSubmit_votetopicform); function ajaxSubmit_votetopicform(){ var votetopicform = jQuer
jQuery('.votetopicform').submit(ajaxSubmit_votetopicform);
function ajaxSubmit_votetopicform(){
var votetopicform = jQuery(this).serialize();
jQuery.ajax({
type:"POST",
url: SiteParameters.site_url+"/wp-admin/admin-ajax.php",
data: votetopicform,
success:function(data){
jQuery(".feedback").html(data); // empty div to show returned data
}
});
return false;
}
get csrf.phpif (!isset($_SESSION['csrf'])) {
$_SESSION['csrf'] = substr( md5(rand()), 0, 7);
}
return $_SESSION['csrf'];
因此,当用户单击submit时,我希望通过jQuery代码获取CSRF,然后将其发送到请求并在那里进行处理。我建议您这样做的方式是,在首先将表单交付给用户时,将令牌放入隐藏的输入字段中
<? if (!isset($_SESSION['csrf'])) { ?>
<input type="hidden" name="csrf-token" value="<?= $_SESSION['csrf'] ?>">
<? } ?>
ajaxSubmit\u votetopicformajaxSubmit\u votetopicformfunction ajaxSubmit_votetopicform(token){
var votetopicform = jQuery(this).serialize();
votetopicform += "&csrftoken=" + token; //token is passed as parameter to this fn
....
}
//set the submit - event handler to a function, that requests the token first
jQuery('.votetopicform').submit(ajaxSubmit_requestcsrftoken);
function ajaxSubmit_requestcsrftoken(){
jQuery.ajax({
type:"POST",
url: SiteParameters.site_url+"/get-csrf.php",
success:function(data){
// after succesfully requesting the CSRF - token, call the function
// that should submit the actual form data to your server and pass the token as parameter to it
// this way you are chaining one request after the other
ajaxSubmit_votetopicform(data);
}
});
return false; //prevent the form from submitting
}
function ajaxSubmit_votetopicform(token){
var votetopicform = jQuery(this).serialize();
//add the token as additional parameter to be sent to the server
votetopicform += "&csrftoken=" + token;
jQuery.ajax({
type:"POST",
url: SiteParameters.site_url+"/wp-admin/admin-ajax.php",
data: votetopicform,
success:function(data){
jQuery(".feedback").html(data); // empty div to show returned data
}
});
}
我建议您这样做的方式是,首先在向用户交付表单时,将令牌放入一个隐藏的输入字段中
<? if (!isset($_SESSION['csrf'])) { ?>
<input type="hidden" name="csrf-token" value="<?= $_SESSION['csrf'] ?>">
<? } ?>
ajaxSubmit\u votetopicformajaxSubmit\u votetopicformfunction ajaxSubmit_votetopicform(token){
var votetopicform = jQuery(this).serialize();
votetopicform += "&csrftoken=" + token; //token is passed as parameter to this fn
....
}
//set the submit - event handler to a function, that requests the token first
jQuery('.votetopicform').submit(ajaxSubmit_requestcsrftoken);
function ajaxSubmit_requestcsrftoken(){
jQuery.ajax({
type:"POST",
url: SiteParameters.site_url+"/get-csrf.php",
success:function(data){
// after succesfully requesting the CSRF - token, call the function
// that should submit the actual form data to your server and pass the token as parameter to it
// this way you are chaining one request after the other
ajaxSubmit_votetopicform(data);
}
});
return false; //prevent the form from submitting
}
function ajaxSubmit_votetopicform(token){
var votetopicform = jQuery(this).serialize();
//add the token as additional parameter to be sent to the server
votetopicform += "&csrftoken=" + token;
jQuery.ajax({
type:"POST",
url: SiteParameters.site_url+"/wp-admin/admin-ajax.php",
data: votetopicform,
success:function(data){
jQuery(".feedback").html(data); // empty div to show returned data
}
});
}
我建议您这样做的方式是,首先在向用户交付表单时,将令牌放入一个隐藏的输入字段中
<? if (!isset($_SESSION['csrf'])) { ?>
<input type="hidden" name="csrf-token" value="<?= $_SESSION['csrf'] ?>">
<? } ?>
ajaxSubmit\u votetopicformajaxSubmit\u votetopicformfunction ajaxSubmit_votetopicform(token){
var votetopicform = jQuery(this).serialize();
votetopicform += "&csrftoken=" + token; //token is passed as parameter to this fn
....
}
//set the submit - event handler to a function, that requests the token first
jQuery('.votetopicform').submit(ajaxSubmit_requestcsrftoken);
function ajaxSubmit_requestcsrftoken(){
jQuery.ajax({
type:"POST",
url: SiteParameters.site_url+"/get-csrf.php",
success:function(data){
// after succesfully requesting the CSRF - token, call the function
// that should submit the actual form data to your server and pass the token as parameter to it
// this way you are chaining one request after the other
ajaxSubmit_votetopicform(data);
}
});
return false; //prevent the form from submitting
}
function ajaxSubmit_votetopicform(token){
var votetopicform = jQuery(this).serialize();
//add the token as additional parameter to be sent to the server
votetopicform += "&csrftoken=" + token;
jQuery.ajax({
type:"POST",
url: SiteParameters.site_url+"/wp-admin/admin-ajax.php",
data: votetopicform,
success:function(data){
jQuery(".feedback").html(data); // empty div to show returned data
}
});
}
我建议您这样做的方式是,首先在向用户交付表单时,将令牌放入一个隐藏的输入字段中
<? if (!isset($_SESSION['csrf'])) { ?>
<input type="hidden" name="csrf-token" value="<?= $_SESSION['csrf'] ?>">
<? } ?>
ajaxSubmit\u votetopicformajaxSubmit\u votetopicformfunction ajaxSubmit_votetopicform(token){
var votetopicform = jQuery(this).serialize();
votetopicform += "&csrftoken=" + token; //token is passed as parameter to this fn
....
}
//set the submit - event handler to a function, that requests the token first
jQuery('.votetopicform').submit(ajaxSubmit_requestcsrftoken);
function ajaxSubmit_requestcsrftoken(){
jQuery.ajax({
type:"POST",
url: SiteParameters.site_url+"/get-csrf.php",
success:function(data){
// after succesfully requesting the CSRF - token, call the function
// that should submit the actual form data to your server and pass the token as parameter to it
// this way you are chaining one request after the other
ajaxSubmit_votetopicform(data);
}
});
return false; //prevent the form from submitting
}
function ajaxSubmit_votetopicform(token){
var votetopicform = jQuery(this).serialize();
//add the token as additional parameter to be sent to the server
votetopicform += "&csrftoken=" + token;
jQuery.ajax({
type:"POST",
url: SiteParameters.site_url+"/wp-admin/admin-ajax.php",
data: votetopicform,
success:function(data){
jQuery(".feedback").html(data); // empty div to show returned data
}
});
}
GNi33的答案对于表单提交来说是一个很好的解决方案,对于这样的用例,我推荐他的答案。我提出的解决方案也适用于表单;然而,对于非表单提交,它更为典型。其思想是在HTTP请求头中包含CSRF令牌
jQuery('.votetopicform').submit(ajaxSubmit_votetopicform);
function ajaxSubmit_votetopicform() {
var votetopicform = jQuery(this).serialize();
// chain AJAX requests
jQuery.ajax({
type: "GET",
url: SiteParameters.site_url + "/wp-admin/get-csrf.php"
}).then(function(token) {
jQuery.ajax({
type: "POST",
url: SiteParameters.site_url + "/wp-admin/admin-ajax.php",
data: votetopicform,
headers: {
"_RequestToken": token
}
});
});
return false;
}
GNi33的答案对于表单提交来说是一个很好的解决方案,对于这样的用例,我推荐他的答案。我提出的解决方案也适用于表单;然而,对于非表单提交,它更为典型。其思想是在HTTP请求头中包含CSRF令牌
jQuery('.votetopicform').submit(ajaxSubmit_votetopicform);
function ajaxSubmit_votetopicform() {
var votetopicform = jQuery(this).serialize();
// chain AJAX requests
jQuery.ajax({
type: "GET",
url: SiteParameters.site_url + "/wp-admin/get-csrf.php"
}).then(function(token) {
jQuery.ajax({
type: "POST",
url: SiteParameters.site_url + "/wp-admin/admin-ajax.php",
data: votetopicform,
headers: {
"_RequestToken": token
}
});
});
return false;
}
GNi33的答案对于表单提交来说是一个很好的解决方案,对于这样的用例,我推荐他的答案。我提出的解决方案也适用于表单;然而,对于非表单提交,它更为典型。其思想是在HTTP请求头中包含CSRF令牌
jQuery('.votetopicform').submit(ajaxSubmit_votetopicform);
function ajaxSubmit_votetopicform() {
var votetopicform = jQuery(this).serialize();
// chain AJAX requests
jQuery.ajax({
type: "GET",
url: SiteParameters.site_url + "/wp-admin/get-csrf.php"
}).then(function(token) {
jQuery.ajax({
type: "POST",
url: SiteParameters.site_url + "/wp-admin/admin-ajax.php",
data: votetopicform,
headers: {
"_RequestToken": token
}
});
});
return false;
}
GNi33的答案对于表单提交来说是一个很好的解决方案,对于这样的用例,我推荐他的答案。我提出的解决方案也适用于表单;然而,对于非表单提交,它更为典型。其思想是在HTTP请求头中包含CSRF令牌
jQuery('.votetopicform').submit(ajaxSubmit_votetopicform);
function ajaxSubmit_votetopicform() {
var votetopicform = jQuery(this).serialize();
// chain AJAX requests
jQuery.ajax({
type: "GET",
url: SiteParameters.site_url + "/wp-admin/get-csrf.php"
}).then(function(token) {
jQuery.ajax({
type: "POST",
url: SiteParameters.site_url + "/wp-admin/admin-ajax.php",
data: votetopicform,
headers: {
"_RequestToken": token
}
});
});
return false;
}
你为什么想要这个飞行前请求?标准同步器令牌模式是否不够好@长话短说,所有页面都是缓存的(包括表单),所以我需要通过JS获取CSRF密钥,而不是简单地通过html将密钥直接添加到表单中……你是在问如何链接请求吗?@lxalmida不确定这个术语的含义。我在问:在表单提交时,我想点击get-csrf.php,获取返回的键,然后通过表单发送它,并在处理表单时使用该值。(我的JS知识是有限的,所以对于有知识的人来说,这应该是一个简单的任务)…为什么要这个飞行前请求?标准同步器令牌模式是否不够好@长话短说,所有页面都是缓存的(包括表单),所以我需要通过JS获取CSRF密钥,而不是简单地通过html将密钥直接添加到表单中……你是在问如何链接请求吗?@lxalmida不确定这个术语的含义。我在问:在表单提交时,我想点击get-csrf.php,获取返回的键,然后通过表单发送它,并在处理表单时使用该值。(我的JS知识有限,因此这应该是一个简单的任务