Create account



CodeIgniter.com Twitter      


  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
Exclude URI from CSRF

Offline superior
Coding is Art
**
Posts: 39
Threads: 11
Joined: Oct 2016
Reputation: 0
#1
09-04-2019, 06:07 AM
Hello,

I'm trying to exclude URI's from CSRF check for AJAX posts, in my .env file i've found;
Code:
app.CSRFExcludeURIs = []

Have set the required URL in this array but it still gives me a 403 Forbidden request, only when I deactivate the CSRF protection the request works. Do i need to configure this in other files as well or kan this be done within config\Filters.php?
Website Find
Reply

Offline kilishan
CI Project Lead
*******
Posts: 1,284
Threads: 65
Joined: Oct 2014
Reputation: 82
#2
09-04-2019, 06:20 AM
The easiest way is to probably handle that in the Filters config file. It's turned on globally for all POST requests at the moment, but you could modify that to exclude URI's
Support Development •  CodeIgniter 4 Foundations • Practical CodeIgniter 3  • Myth:Auth
Website Find
Reply

Offline superior
Coding is Art
**
Posts: 39
Threads: 11
Joined: Oct 2016
Reputation: 0
#3
09-04-2019, 06:25 AM
Hello Kilishan,

Seems to work from Config\Filters.php the .env file is ignored in it's request, from the documentation i've used the exclude part in the $globals if anyone else has this problem.

Thank you for the reply!
Website Find
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.