Login

**includebeer** · 04-12-2020, 02:03 PM

(04-12-2020, 12:30 PM)Gary Wrote: Thanks Includebeer... I did start having a look at doing this, and although it was easy enough to find and change for a similar problem (for 429 response used by the Throttle class, which is in the App folder), when it comes to 403s (which are returned for the csrf filter), all I can find is what looks like the csrf form insertion functions in form_helper.php and Common.php and the palce where is thrown SYSTEMPATH/Security\Exceptions\SecurityException.php, which you'll note are all in the system directory and I'm reluctant- for a couple of reasons- to fiddle with).

Definitely don't mess with the system directory. But you can override or extends a system class in your own app: https://codeigniter4.github.io/userguide...re-classes

Maybe you could extend the Security class and just override the CSRFVerify() function to handle the exception like you want:

PHP Code:
public function CSRFVerify(RequestInterface $request)
{
...
    // Do the tokens exist in both the _POST/POSTed JSON and _COOKIE arrays?
    if (! isset($CSRFTokenValue, $_COOKIE[$this->CSRFCookieName]) || $CSRFTokenValue !== $_COOKIE[$this->CSRFCookieName]
    ) // Do the tokens match?
    {
        /*** Do something else here, throw your own exception? ***/
        throw SecurityException::forDisallowedAction();
    }
...
} 

CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
/*** NO support in private message - Use the forum! ***/