Security exception when cache is passed as view parameter

Security exception when cache is passed as view parameter - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30)
+--- Thread: Security exception when cache is passed as view parameter (/showthread.php?tid=90478)

Security exception when cache is passed as view parameter - joho - 03-25-2024

Using 4.4.6, I'm getting a "CodeIgniter\Security\Exceptions\SecurityException #403" on a POST, when I submit a form. This only happens if I load the view(s) like this:

PHP Code:
$view_cache = ['cache' => nn]
return view( 'templates/header', $data, $view_cache )
         . view( 'login/signup', $data, $view_cache )
         . view( 'templates/footer', $data, $view_cache ); 

It doesn't matter if I set nn to zero or 60. If I change "cache" to "xcache" (which I'm guessing is simply ignored), everything works.

What am I doing wrong?

RE: Security exception when cache is passed as view parameter - InsiteFX - 03-25-2024

Your passing the data and cache multiple times, you only need to pass it once.

always pass the data in the first view, then it is available to all other views.

Try this, it's how I load the views.

PHP Code:
$view_cache = ['cache' => nn, 'cache_name' => 'login_signup']

return view( 'templates/header', $data, $view_cache )
        . view( 'login/signup' )
        . view( 'templates/footer' ); 

RE: Security exception when cache is passed as view parameter - kenjis - 03-25-2024

You cannot cache HTML forms with CSRF token.
CSRF tokens cannot be shared with others.

RE: Security exception when cache is passed as view parameter - joho - 03-25-2024

(03-25-2024, 04:08 AM)kenjis Wrote: You cannot cache HTML forms with CSRF token.
CSRF tokens cannot be shared with others.

Fair enough, that makes sense. But why does it start behaving so strange when I pass it a 'cache' parameter with a setting of zero? Shouldn't that be the same as not caching at all?

RE: Security exception when cache is passed as view parameter - kenjis - 03-25-2024

Yes, if you set zero, the cache should be expired at the moment and should not be used.
So I don't know why you get the SecurityException.

RE: Security exception when cache is passed as view parameter - joho - 03-26-2024

(03-25-2024, 03:52 AM)InsiteFX Wrote: Your passing the data and cache multiple times, you only need to pass it once.

always pass the data in the first view, then it is available to all other views.

Yes, you're right of course, I really should do that the correct way.