• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Exclude URI from CSRF

#1
Hello,

I'm trying to exclude URI's from CSRF check for AJAX posts, in my .env file i've found;
Code:
app.CSRFExcludeURIs = []

Have set the required URL in this array but it still gives me a 403 Forbidden request, only when I deactivate the CSRF protection the request works. Do i need to configure this in other files as well or kan this be done within config\Filters.php?
Reply

#2
The easiest way is to probably handle that in the Filters config file. It's turned on globally for all POST requests at the moment, but you could modify that to exclude URI's
Support Development  • Practical CodeIgniter 3  • Vulcan - CLI Tools for CI4
Reply

#3
Hello Kilishan,

Seems to work from Config\Filters.php the .env file is ignored in it's request, from the documentation i've used the exclude part in the $globals if anyone else has this problem.

Thank you for the reply!
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.