If you already have xajax installed as a library, you can skip to step 7. Readme.txt This is the steps to take to enable xajax to run smoothly within your CI framework while CSRF is enabled. The steps are below but you can read them on my blog post here: http://www.gen.newrandom.com/2011/07/21/codeigniter-and-xajax-csrf-fix/ This assumes version CI 2.x (but i am on 2.0.2 specifically) 1.latest version of xajax (0.6-beta1) 2. move contents of xajax_core into application/libraries/xajax/ 3. renamed xajax.inc.php to Xajax.php (per CI library protocol) 4. changed ~line 59 (final class xajax) to (final class Xajax) per CI library protocol (probably unnecessary) 5. put the xajax_js folder in /root/public/js/ folder. (location of my js files) 6. [code] -- in my Site controller class function __constructor() { parent::__construct(); $this->ajax() # b/c index() is the default page in my controller } function ajax() { $this->load->library('xajax/xajax'); # libraries/xajax/Xajax.php $this->xajax->configure("requestURI", base_url().'index.php/site/'); # index.php/controller/ $this->xajax->configure("javascript URI", base_url().'public/js/'); # loc of xajax_js/ $this->xajax->register(XAJAX_FUNCTION, array('say_hello', $this, 'say_hello')); $this->xajax->processRequest(); } function say_hello() { $objResponse = new xajaxResponse(); $objResponse->Assign("ajax_div", "innerHTML", "Hello, world! ~from xAJAX!"); return $objResponse; } [/code] Now we will add AJAX functionality while CSRF is enabled. 7. Find and open xajax/plugin_layer/xajaxDefaultIncludePlugin.inc.php in libraries/ a. Go to line 213 and add the following code: [code] // add ci_csrf_token to auto-generated script $CI =& get_instance(); echo $sCrLf; echo 'xajax.config.ci_csrf_token = "'; echo $CI->security->get_csrf_hash(); echo '";'; [/code] note: you could make it clean and add the variables and match it up like the previous options, but at the end of the day you're just spreading the 5 lines of code around the script which will pain you when get new xajax updates. 8. Find and open the xajax_core_uncompressed.js in xajax_js/ a. Go to line 3250 and add the following code after 'delete dNow; [code] var csrf = xx.config.ci_csrf_token; rd.push('&ci_csrf_token='); rd.push(csrf); delete csrf; [/code] 9. By default, if you are using the xajax_core.js, you will have to go to that file and make the change there. But it is easier to know where you're making the change if you look at the uncompressed version first. 10. [code] if( isset($this->xajax) ) : // not all my pages use ajax echo $this->xajax->printJavascript(); ?> // other stuff here Say Hello
i say goodbye
#before
Just saying hello from XAJAX.
#after [/code] That should do it. If you are having problems, you can add the debugger which I wish I knew about and probably would have saved me hours. Just paste the following code in your but after the xajax. [code][/code] Now you will always have access to the CSRF while using XAJAX without having to worry about reading/decrypting CI's cookies in your XAJAX calls. It is all passed by adding the parameter directly. Of course, in the future, you will have to add the &ci_csrf_token in future updates (or rename it depending on the version of CI? I recall some versions use csrf_token_name from what I have read.)