Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Support Exclude URI from CSRF
Exclude URI from CSRF
  • Offline superior
    Coding is Art
  • ***
  • Posts: 175
    Threads: 30
    Joined: Oct 2016
    Reputation: 3
#1
09-04-2019, 06:07 AM

Hello,

I'm trying to exclude URI's from CSRF check for AJAX posts, in my .env file i've found;
Code:
app.CSRFExcludeURIs = []

Have set the required URL in this array but it still gives me a 403 Forbidden request, only when I deactivate the CSRF protection the request works. Do i need to configure this in other files as well or kan this be done within config\Filters.php?
Reply
  • Offline kilishan
    CI Project Lead
  • *******
  • Posts: 1,461
    Threads: 90
    Joined: Oct 2014
    Reputation: 120
#2
09-04-2019, 06:20 AM

The easiest way is to probably handle that in the Filters config file. It's turned on globally for all POST requests at the moment, but you could modify that to exclude URI's
Support Development •  CodeIgniter 4 Foundations • Practical CodeIgniter 3  • CodeIgniter Tutorials
Reply
  • Offline superior
    Coding is Art
  • ***
  • Posts: 175
    Threads: 30
    Joined: Oct 2016
    Reputation: 3
#3
09-04-2019, 06:25 AM

Hello Kilishan,

Seems to work from Config\Filters.php the .env file is ignored in it's request, from the documentation i've used the exclude part in the $globals if anyone else has this problem.

Thank you for the reply!
Reply




Theme © iAndrew 2016 - Forum software by © MyBB