I'm using a modal form for users to login.
The submit button click event runs a javascript function (submitLogin) with an xmlhttprequest to an api that I have set up at (localhost app) 'logins/modal_signin'
This all seems to work with '.onload()' seeming to get the '.responseText' (currently just console.log() calls), but instead of staying on the page (as I want it to do) then the page redirects to the home page.
I'm wondering why that happens and how to stop it.
Here is the js xmlhttprequest function:
---------
here is the logins/controllers/Logins.php::modal_signin():
-------------
Note: the $flash_msg does show up on the home page.
-------------
Here is the logins/assets/api.json (with the authorization wide open):
{
"Signin": {
"url_segments": "logins/modal_signin/",
"request_type": "POST",
"description": "Fetch rows from table for uname and password",
"enableParams": true,
"authorization": "*"
}
}]
-----------------------
When I use browser developer tools to debug
it runs through my code then opens up a lot of radom files seemingly tied to
FontAwesome, app.js, jQuery, quill.js, VM1550, content.bundle.js and other libraries that I'm not sure of before it runs the xmlhttprequest.onload() and does do the consol.log()(s)
finally it redirects to my home page.
----
I'm thinking this has to do with the csrf_token.
I see that 'csrf_token' is checked by Core.php::csrf_protect() via a $_POST, but I'm not sure how the csrf is sent with the xmlhttprequest.
I tried adding the csrf_token to the parameters of the xmlhttprequest is submitLogin():
...
csrf_token = document.querySelector("#login-modal > div.modal-body > form > input[name=csrf_token]").value;
...
var params = {
username,
password,
remember,
csrf_token
}
...
// above did not work
-----
I also tried to put the csrf_token in the request header:
...
http.setRequestHeader('csrf_token', csrf_token);
...
----
but that didn't work either
----
I even tried setting a post value for csrf_token in the php response function (from the param value):
...$_POST['csrf_token'] = $params['csrf_token'];
---
so the question is what am I doing wrong and/or what is the best way to do this?
API call via xmlhttprequest returns response but then redirects to home page
4 years ago
4 years ago
#1
4 years ago
#2
Hi mbrick02,
Could you please share the modal form code with me?
I'm thinking it could be an event.preventDefault() but would like to see the form code
Also, a tip on adding code blocks to your post.
Add [ brackets ] to code /code tags
Could you please share the modal form code with me?
I'm thinking it could be an event.preventDefault() but would like to see the form code
Also, a tip on adding code blocks to your post.
Add [ brackets ] to code /code tags
4 years ago
#3
preventDefault() seems to have solved (that) problem/error (I still have a bit of other debugging to do).
Thanks once again DaFa!
I will plan on remembering to use brackets next time -- with luck there won't be a next time but...
Thanks once again DaFa!
I will plan on remembering to use brackets next time -- with luck there won't be a next time but...