// CodeIgniter CSRF settings (application config). Turns on the framework's
// CSRF check for submitted forms.
// NOTE(review): the token is also kept in a cookie (see csrf_cookie_name), so
// the site's cookie settings matter too, e.g. sending cookies over HTTPS only
// via CodeIgniter's cookie_secure option. Those settings are not shown here.
$config['csrf_protection'] = true;
// Name of the request field that carries the token; it is the key returned by
// get_csrf_token_name() in the snippets below.
$config['csrf_token_name'] = 'csrf_token_name';
// Name of the cookie in which the framework stores the token.
$config['csrf_cookie_name'] = 'csrf_cookie_name';
// Token lifetime in seconds (7200 = 2 hours). A page left open longer than
// this will submit an expired token and be rejected.
$config['csrf_expire'] = 7200;
// Per-call form: send the CSRF field together with a single jQuery POST.
// The key is the configured token name and the value is the current token
// hash; both are rendered into the page by PHP before the script runs.
// NOTE(review): the token is fixed when the page is rendered. If the framework
// issues a new hash after each POST (CodeIgniter 3's csrf_regenerate setting),
// later AJAX POSTs from the same page need the refreshed value. Confirm
// against your config.
// NOTE(review): both values are echoed into JS string literals unescaped. That
// is safe only while neither can contain a quote or backslash; the hash format
// is not shown here, so verify it.
$.post(url, {'<?php echo $this->security->get_csrf_token_name(); ?>' : '<?php echo $this->security->get_csrf_hash(); ?>'}, function(){});
(2)为所有ajax请求全局附加CSRF令牌数据:
// Global form: register the CSRF field as default data for jQuery AJAX calls
// made from this page, once the DOM is ready.
$(function($) {
// this script needs to be loaded on every page where an ajax POST may happen
// NOTE(review): $.ajaxSetup defaults apply to every later jQuery AJAX call,
// not only same-origin POSTs. A GET would put the token in its query string
// (URLs end up in logs and Referer headers) and a cross-origin call would send
// it to the other host. Prefer attaching it only to same-origin,
// state-changing requests.
// NOTE(review): calls that pass `data` as an already-serialized string are
// presumably not merged with this object. Verify that such requests still
// include the token.
$.ajaxSetup({
data: {
// key = CSRF field name, value = current CSRF hash, both rendered by PHP
'<?php echo $this->security->get_csrf_token_name(); ?>' : '<?php echo $this->security->get_csrf_hash(); ?>'
}
});
// now write your ajax script
});
(3)如果你不喜欢使用form_open(),可以自己写一个helper方法,在view中直接调用,输出隐藏字段:
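/**
 * Echo a hidden <input> carrying the CodeIgniter CSRF token.
 *
 * Intended for views that build their <form> tag by hand instead of calling
 * form_open(). The field name and value are read from the security component
 * of the object returned by get_instance().
 *
 * Both values are HTML-escaped before being placed in attributes, so a token
 * name or hash containing a quote or angle bracket cannot break out of the
 * attribute and inject markup.
 *
 * @return void Output is written directly with echo.
 */
function csrf_hidden(){
    $ci = &get_instance();
    // Escape for the HTML attribute context; ENT_QUOTES covers both quote styles.
    $name = htmlspecialchars($ci->security->get_csrf_token_name(), ENT_QUOTES, 'UTF-8');
    $val = htmlspecialchars($ci->security->get_csrf_hash(), ENT_QUOTES, 'UTF-8');
    echo "<input type=\"hidden\" name=\"$name\" value=\"$val\" />";
}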