passing csrf token through jqgrid on cell edit

I'm using Codeigniter and jqgrid to build an application. I've recently enabled Codeigniter's builtin CSRF protection for security reasons, and it broke some stuff with jqgrid. I've been able to pass the csrf token when jqgrid is instantiated so all my data loads (by adding the csrf token to the postData), but now anytime I edit a cell I get a 500 error because the csrf token isn't being passed. I can verify this by looking at the post data each time I edit a cell. I read several places that editData is what I want, but adding the token in there doesn't seem to pass it in the edit ajax request. Any ideas?

$("#cust_grid").jqGrid({
    url:'/ajax/grid',
    datatype: 'xml',
    mtype: 'POST',              
    postData: {<?php echo $this->security->get_csrf_token_name().":'".$this->security->get_csrf_hash()."'"; ?>},
    editData: {<?php echo $this->security->get_csrf_token_name().":'".$this->security->get_csrf_hash()."'"; ?>},
    colNames:['Name1', 'Name2'],
    colModel :[ 
        {name:'name1', index:'name1', width:55, search: true},
        {name:'name2', index:'name2', width:110, search: true},
                        ],
    pager: '#pager',
    rowNum:25,
    rowList:[10,25,50,100],
    sortname: 'name1',
    sortorder: 'asc',
    viewrecords: true,
    gridview: true,
    caption: 'Customers',
    height: 600,
    width: 1200,
    shrinkToFit: false,
    altRows: true,
    cellEdit: true,     
    cellsubmit: "remote",
    cellurl: "/ajax/editCell",
},
{}
);

Answers


It seems that you can solve the problem mostly in the same way like I described here. The main difference is that you use cell editing instead of form editing. So you should use ajaxCellOptions instead of ajaxEditOptions:

ajaxCellOptions: {
    loadBeforeSend: function(jqXHR) {
        // you should modify the next line to get the CSRF tocken
        // in any way (for example $('meta[name=csrf]').attr('content')
        // if you have <meta name="csrf" content="abcdefjklmnopqrstuvwxyz="/>)
        var csrf_token = '<%= token_value %>'; // any way to get
        jqXHR.setRequestHeader('X-CSRF-Token', csrf_token);
    }
}

I ended up finding another solution to the problem. I was investigating the cell editing link posted in the another answer and I saw the beforeSubmitCell option. Turns out if you return json data from that function it will be appended to the post data each time a cell is edited. So all I needed to do was add as an option:

beforeSubmitCell: function (rowid,celname,value,iRow,iCol) {
  return {<?php echo $this->security->get_csrf_token_name().":'".$this->security->get_csrf_hash()."'";?>} 
},

No answer working out after I tried. Then i found the solution for passing CSRF Token from Jqgrid inline editing to Django by using this :

onSelectRow: function(id){
   if(id && id!==lastSel){ 
      $(selector).restoreRow(lastSel); 
      lastSel=id; 
   }

 var editparameters = {
    extraparam: {csrfmiddlewaretoken: $('.token-data').data('token')},
    keys: true,
  };
 $(selector).jqGrid('editRow', id, editparameters);
}

Example usage : http://yodi.polatic.me/jqgrid-inline-editing-integration-with-django-send-csrf-token/


Need Your Help

What data structure to use for string templating?

algorithm data-structures replace

In my application I have a set of parameters, and a set of string templates, characterized by having 0..N parameters (identified by curly braces) in them.

How do you express binary literals in Python?

python syntax binary literals

How do you express an integer as a binary number with Python literals?

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.