+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30)
+--- Thread: Exclude URI from CSRF (/showthread.php?tid=74271)
Exclude URI from CSRF - superior - 09-04-2019
Hello,
I'm trying to exclude URI's from CSRF check for AJAX posts, in my .env file i've found;
Code:
app.CSRFExcludeURIs = []Have set the required URL in this array but it still gives me a 403 Forbidden request, only when I deactivate the CSRF protection the request works. Do i need to configure this in other files as well or kan this be done within config\Filters.php?
RE: Exclude URI from CSRF - kilishan - 09-04-2019
The easiest way is to probably handle that in the Filters config file. It's turned on globally for all POST requests at the moment, but you could modify that to exclude URI's
RE: Exclude URI from CSRF - superior - 09-04-2019
Hello Kilishan,
Seems to work from Config\Filters.php the .env file is ignored in it's request, from the documentation i've used the exclude part in the $globals if anyone else has this problem.
Thank you for the reply!