CodeIgniter Forums

Full Version: csrf not working is this case
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I don't want to change default setting in config file, default it's FALSE. But i want to use CSRF in only contact form (other form don't need):

This is my controller:

PHP Code:
class Welcome extends CI_Controller {
    public function 
__construct() {
        
parent::__construct();
        
$this->load->helper('form_helper');
        
$this->load->library('session');
    }

    public function 
index()
    {
        
$this->config->set_item('csrf_protection'TRUE);
        
$this->load->view('welcome_message');
    }

End my View:

PHP Code:
<div id="container">
    <?
php echo form_open(NULL); ?>

    </form>
</div> 
But CSRF not working, it always empty value:
[Image: 02012015.PNG]
Hello,

csrf_protection is getting loaded earlier than request reaches to our controller so setting this to TRUE in controller will not make any effect. If we really wants to achieve this than i think we have make some hooks.

What was my approach for this.

Enable it globally and disable it for few urls which starts in my case with api.

Config.php
$config['csrf_protection'] = (isset($_SERVER["REQUEST_URI"])) ? (stripos($_SERVER["REQUEST_URI"], '/api') === false) : true;

Thanks & Regards
Tapan Thapa