Cross-Site Request Forgery (CSRF) is a way to trick the server that a request sent to it is legitimate while it actually is an unauthorized attempt.
In CodeIgniter, CSRF protection is not enabled by default.
If it is been enabled then CodeIgniter generates a hash for each active user and this is used to verify the request.
Require to send the hash with the AJAX request otherwise, it gives an error – “The action you have requested is not allowed.”.
In this tutorial, I show how you can enable CSRF protection and regenerate hash for the next AJAX request and pass hash in AJAX request in the CodeIgniter project.