Attention Team CI4.3.+ has CSRF issue
Hi there, Good Guys. I would like to inform you that CI 4.3.+ has an issue with CSRF. For example, if you send the form post, after submitting try to reverse the URL and try to send it again; it throws a new exception instead of the real message.
I have been curiously testing for several days now and I realize there is. Make a test with this app here: https://github.com/kenjis/ci4-news
Codeigniter First, Codeigniter Then You!!
yekrinaDigitals
What do you mean?
If you say like this, I cannot reproduce the CSRF error.
1. navigate to http://localhost:8080/news/create
2. fill the form
3. post the form
4. press the browser's back button
5. fill the form for another news
6. post the form
I tried Firefox and Chrome. No problem.

(04-03-2023, 06:42 PM)kenjis Wrote: What do you mean?
Of course @kenjis, something like this (PHP PRG (Post-Redirect-Get(post))): if that happens, that is where the issue occurs. As I said, I don't think it is wise; perhaps maybe a network issue happens and the post is still hanging around, then you refresh that post-CSRF, instead of firing a good message
PHP Code:
<?= session()->getFlashdata('error') ?>
A good example: as I said, try to click back after you have posted, without refreshing, and you will see this issue. I think it is the same with (PRG), while I know that CI CSRF is very keen on observing every post request per one action.
Codeigniter First, Codeigniter Then You!!
yekrinaDigitals
In production, it is better to set `$redirect = true`:
https://codeigniter4.github.io/CodeIgnit...on-failure
We changed the default value, because it is difficult to get what happened when just redirecting, especially for beginners.

(04-04-2023, 01:34 AM)kenjis Wrote: In production, it is better to set `$redirect = true`:
Ooh, I forgot to read this area!!!! Thanks @kenjis. In my minor opinion it could be better if you make this the default
PHP Code:
public bool $redirect = true;
Codeigniter First, Codeigniter Then You!!
yekrinaDigitals