Enabling CSRF to TRUE in CodeIgniter
To enable CSRF in CodeIgniter all you need to do is:

1. Set the option to "TRUE" in the config file
2. All your forms MUST use the form_open() helper function. This will automatically generate and include a 'hidden' CSRF token in your forms.

CodeIgniter will then automatically check this token on each form submission as part of the security function. If it detects a CSRF error, it will throw a 401 error automatically. You don't need to do anything else.

edit: I just re-read that you do not use form_open(). It might be possible to manually insert the CSRF token into the forms yourself - but it would be more work than is required. Just convert all your forms to use form_open - and it will work seamlessly.

(And yes - this is one of the few poorly documented features in CI - so I understand why you couldn't find the answer - it took me a while as well)
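The two steps from the post above, plus the manual token insertion it mentions, as an added example that is not part of the original post. It assumes CodeIgniter 3 (the thread does not state a version); the `profile/update` route and the view file name are hypothetical.

```php
<?php
// --- application/config/config.php (CodeIgniter 3 layout, assumed) ---
// Turns on CSRF checking for every POST request handled by the framework.
$config['csrf_protection'] = TRUE;   // ships as FALSE
?>

<?php
// --- application/views/profile_form.php (hypothetical view) ---
// Option 1: form_open() writes the <form> tag and appends the hidden
// CSRF field. The controller must have loaded the helper first:
//     $this->load->helper('form');
echo form_open('profile/update');
?>
    <input type="text" name="display_name">
    <button type="submit">Save</button>
<?php echo form_close(); ?>

<?php
// Option 2: hand-written <form> tag. The token name and current hash
// come from the Security class and go into a hidden field yourself.
// site_url() needs $this->load->helper('url').
$csrf_name = $this->security->get_csrf_token_name();
$csrf_hash = $this->security->get_csrf_hash();
?>
<form method="post" action="<?php echo site_url('profile/update'); ?>">
    <input type="hidden"
           name="<?php echo html_escape($csrf_name); ?>"
           value="<?php echo html_escape($csrf_hash); ?>">
    <input type="text" name="display_name">
    <button type="submit">Save</button>
</form>
```

A POST that arrives without a matching token is rejected by the framework before the controller method runs, so a hand-written form that omits the hidden field stops working as soon as the config option is enabled.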
Messages In This Thread
Enabling CSRF to TRUE in CodeIgniter - by FlanZarianick - 10-07-2022, 05:04 AM
RE: Enabling CSRF to TRUE in CodeIgniter - by firecode - 10-07-2022, 09:47 AM
RE: Enabling CSRF to TRUE in CodeIgniter - by captain-sensible - 10-07-2022, 10:56 AM
RE: Enabling CSRF to TRUE in CodeIgniter - by MatrickEganlan - 10-18-2022, 10:49 PM