How do I get Uploadify to work with Codeigniter + CSRF?

I'm trying to get Uploadify 2.1.4 to work with Codeigniter 2.1.0 and CSRF and I'm not having much luck. I have a basic upload controller and the following code to add:

$(function() {
        var cct = $.cookie('csrf_cookie_name');
            'uploader'       : '<?php echo site_url(); ?>js/uploadify/uploadify.swf',
            'script'         : '<?php echo site_url(); ?>upload/',
            'cancelImg'      : '<?php echo site_url(); ?>js/uploadify/cancel.png',
            'multi'          : true,
            'auto'           : false,
            'fileExt'        : '*.jpg;*.jpeg',
            'fileDesc'       : 'Image Files (JPG, JPEG)',
            'fileDataName' : 'imgData',
            'queueID'        : 'fileQueue',
            'simUploadLimit' : 1,
            'sizeLimit'   : 7340032,
            'removeCompleted': false,
            'scriptData' : { 'csrf_token_name' : cct, 'upload' : 'true' },
            'onSelectOnce'  : function(event, data) {
            'onComplete' : function(e, i, f, r, d) {
            'onError' : function(e, i, f, eO) {
                if( == 500) {
                    $('#status').prop('class', 'alert alert-error').html('<a class="close" data-dismiss="alert">&times;</a><h4>Hmmm. Something gone wrong it has.</h4> Yoda has discovered that your security token has expired. This is because you have been here for longer than two hours. we cannot refresh your key automatically, please refresh the page and try again.');


The problem is when I upload an image I get HTTP 500 thrown at me. I now know this because of enabling CSRF, since if I disable it it works fine.

I've tried uploading solutions to the problem. The one you can see in my code, and one that clones your session data and passes it using a CSRF key, but nothing seems to work. I always get 500 HTTP unless I disable CSRF.

If anyone can help it would be really appreciated. I realize that this question seems to be getting asked a lot and it makes me bully. On the side, the annotation passing CSRF along with standard AJAX requests works great just without loading.


source to share

2 answers

Use this code, it allows you to define an array of controller methods that are not subject to CSRF: .



The problem is that the Uploader uses a Flash object that looks like a completely different browser with a different session, so the CSRF won't match your session if you post cookie data.

You will need to override the original CSRF function with MY_Security.php file and make it so that you can bypass it, for example by sending your entire session cookie via POST and making it so that CSRF can read it, so you can be consistent.

You can also try HTML5 uploaders like , which at least gives you a better chance of not doing such overrides.



All Articles