Oct 21, 2015
CSRF in Ckeditor with barryvdh's Elfinder
I'm trying to upload images through CKEditor with barryvdh's Elfinder Laravel component, but the moment I press the "Send it to the server" image upload button, I get the well-known CSRF error in the Network console. I'm using:
<script type="text/javascript" charset="utf-8">
    // Helper function to get parameters from the query string.
    function getUrlParam(paramName) {
        var reParam = new RegExp('(?:[\?&]|&)' + paramName + '=([^&]+)', 'i');
        var match = window.location.search.match(reParam);
        return (match && match.length > 1) ? match[1] : '';
    }

    $().ready(function() {
        var funcNum = getUrlParam('CKEditorFuncNum');
        var elf = $('#elfinder').elfinder({
            // set your elFinder options here
            <?php if($locale){ ?>
            lang: '<?= $locale ?>', // locale
            <?php } ?>
            customData: {
                _token: '<?= csrf_token() ?>'
            },
            url: '<?= route("elfinder.connector") ?>', // connector URL
            getFileCallback: function(file) {
                window.opener.CKEDITOR.tools.callFunction(funcNum, file.url);
                window.close();
            }
        }).elfinder('instance');
    });
</script> // ckeditor4.php
elfinder/ckeditor | elfinder.ckeditor | Barryvdh\Elfinder ElfinderController@showCKeditor4 //routes for getting the elfinder
<script type="text/javascript">
    CKEDITOR.replace('messageArea', {
        filebrowserImageUploadUrl: '/elfinder/ckeditor',
        height: 300
    });
</script> // at index.blade.php
There is a solution in https://github.com/barryvdh/laravel-elfinder/issues/100, which is to disable CSRF for certain routes, but I think it is dangerous. So I want your opinion on how to resolve this issue.
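Added example, not part of the original post or of the laravel-elfinder project: one way to keep CSRF verification enabled is to send the token with CKEditor's upload request instead of exempting the route. It assumes Laravel's CSRF middleware accepts the token as a `_token` request input (the same field the post's `customData` block sends for elFinder); `withCsrfToken`, `protectUploadUrls`, `app.example` and the token value are constructed for illustration, and the same-origin check goes slightly beyond the post so the token is never attached to an off-site URL.

```javascript
// Added example (hypothetical helpers, not from the original post).
// Assumption: the server-side CSRF check reads a `_token` request input.

// Return `uploadUrl` with `_token` set, but only for same-origin targets,
// so the token is never sent to another site.
function withCsrfToken(uploadUrl, token, pageOrigin) {
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('missing CSRF token');
  }
  const url = new URL(uploadUrl, pageOrigin); // resolves relative URLs
  if (url.origin !== new URL(pageOrigin).origin) {
    throw new Error('refusing to attach CSRF token to ' + url.origin);
  }
  url.searchParams.set('_token', token); // replaces a stale token, encodes the value
  return url.pathname + url.search;      // stay relative, like the original config
}

// Apply the token to every filebrowser*UploadUrl in a CKEditor 4 config object.
function protectUploadUrls(config, token, pageOrigin) {
  const out = Object.assign({}, config);
  for (const key of Object.keys(out)) {
    if (/^filebrowser\w*UploadUrl$/.test(key) && typeof out[key] === 'string') {
      out[key] = withCsrfToken(out[key], token, pageOrigin);
    }
  }
  return out;
}

// Constructed sample values mirroring the config in the post.
const sampleConfig = { filebrowserImageUploadUrl: '/elfinder/ckeditor', height: 300 };
const sampleToken = 'constructed-token+/=';
const protectedConfig = protectUploadUrls(sampleConfig, sampleToken, 'https://app.example');
// In the page: CKEDITOR.replace('messageArea', protectedConfig);
```

A token carried in the query string can end up in server access logs, so those logs need the same care as session data.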