CSRF via http header? |
I looked through the docs and it didn't seem like it was supported, but as time has moved on many of us use front end frameworks like Vue or Angular. Since the front end javascript frameworks are handling our forms, it becomes a little tedious to attach the csrf token to every form we're going to upload.
Will CI4 also accept a csrf token being passed in via the http header on post? At least in the library that I use (Axios), it would be easy to setup every form post to include the csrf token from the beginning via the header. As far as I know, you can't add them as post data by default.
Codeigniter is simply one of the tools you need to learn to be a successful developer. Always add more tools to your coding arsenal!
Check this stackoverflow link https://stackoverflow.com/questions/4552...e-template
(09-30-2018, 10:56 PM)albertleao Wrote: I looked through the docs and it didn't seem like it was supported, but as time has moved on many of us use front end frameworks like Vue or Angular. Since the front end javascript frameworks are handling our forms, it becomes a little tedious to attach the csrf token to every form we're going to upload. I your Angular, React or Vue app is not inside your project you not need send a CSRF token via HTTP Header, you can send Authorization Header combined with some filter before the request has been processed like this: App/Filters/ApiAuth.php filter PHP Code: <?php App/Config/Filters.php PHP Code: <?php namespace Config; If your app is inside your project then you can do it: Code: $.ajax({
but the idea is good - we should support header-csrf tokens for better compatibility. its used by many front end frameworks
(10-01-2018, 02:55 AM)puschie Wrote: but the idea is good - we should support header-csrf tokens for better compatibility. its used by many front end frameworks I have been working with Angular, Vuejs and React for a long time and I always manage authorization with tokens using Bearer, usually with JWT, never with CSRF, but it is my experience. The reason is that it is a standard applicable to any project and does not depend on the Framework. |
Welcome Guest, Not a member yet? Register Sign In |