CodeIgniter Forums

Full Version: Is there a fix for the CSRF "The action you have requested is not allowed" issue?

El Forum

[eluser]esset[/eluser]
As you can imagine I have the infamous CSRF "The action you have requested is not allowed" issue. I'm running CI 2.0+.

The issue I'm having is that my code is working using my iPad, but if my friend is using his iPad he gets the error. This behaviour is just super strange.

I've read through 10+ topics and pretty much everyone says just to turn CSRF OFF, I don't really see this as being the solution to the problem. I mean I want CSRF protection to be turned ON, that's the whole point... no? :)

So has anyone had any luck altering the code to fix this issue?

Thank you in advance

El Forum

[eluser]esset[/eluser]
Has no one made any adjustments for this issue?

Just turning CSRF protection FALSE doesn't seem like a good solution :)

Thanks

El Forum

[eluser]skunkbad[/eluser]
Especially if you are getting the error while not using ajax, then it must be something in your code. I have not experienced any problems with CSRF that weren't my fault.

El Forum

[eluser]Unknown[/eluser]
I've been having the same problem and after much tracing I found a bug in CodeIgniter 2.0, which is in the xss_clean function in codeigniter/libraries/Form_validation.php

Code:
if ( ! isset($this->CI->security))

I changed it to this:

Code:
$CI =& get_instance();
if ( ! isset($CI->security))

and it works correctly.

It had loaded the security class twice and the cookies had been unset, so the form token didn't equal the cookie after one submit.
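
A simplified model of the failure described in the post above, added here as an illustration; it is not CodeIgniter's code and not from the thread. `CsrfGuard`, `submit` and the array-based request/response are hypothetical, and it assumes the next form is rendered with the first instance's token while the browser keeps the last cookie set. With one instance the next form and cookie agree; with a second instance they do not.

```php
<?php
// Simplified double-submit CSRF guard (hypothetical, not CodeIgniter's Security class).
// $request models $_COOKIE/$_POST; $response collects Set-Cookie token values in order.
class CsrfGuard
{
    public $token;

    public function __construct(array &$request, array &$response)
    {
        if (isset($request['cookie']['csrf'])) {
            $this->token = $request['cookie']['csrf'];  // reuse the browser's token
        } else {
            $this->token = bin2hex(random_bytes(16));   // no cookie visible: mint a new one
            $response[] = $this->token;
        }
    }

    public function verify(array &$request, array &$response)
    {
        $sent = $request['post']['csrf'] ?? '';
        $cookie = $request['cookie']['csrf'] ?? null;
        if (!is_string($cookie) || !is_string($sent) || !hash_equals($cookie, $sent)) {
            return false;
        }
        // Rotate after a successful check; the old cookie is unset for this request.
        unset($request['cookie']['csrf']);
        $this->token = bin2hex(random_bytes(16));
        $response[] = $this->token;
        return true;
    }
}

// Returns [was this POST accepted?, will the next form's token match the browser cookie?]
function submit($token, $loadTwice)
{
    $request = ['cookie' => ['csrf' => $token], 'post' => ['csrf' => $token]];
    $response = [];
    $guard = new CsrfGuard($request, $response);
    $accepted = $guard->verify($request, $response);
    $formToken = $guard->token;              // assumption: next form uses this token
    if ($loadTwice) {
        new CsrfGuard($request, $response);  // second load sees no cookie, sets another
    }
    $browserCookie = end($response);         // the last Set-Cookie wins in the browser
    return [$accepted, hash_equals($browserCookie, $formToken)];
}

var_dump(submit('constructed-token', false)); // class loaded once
var_dump(submit('constructed-token', true));  // class loaded twice in one request
```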

El Forum

[eluser]CroNiX[/eluser]
[quote author="amircoco" date="1354900516"]I've been having the same problem and after much tracing I found a bug in CodeIgniter 2.0, which is in the xss_clean function in codeigniter/libraries/Form_validation.php

Code:
if ( ! isset($this->CI->security))

I changed it to this:

Code:
$CI =& get_instance();
if ( ! isset($CI->security))

and it works correctly.

It had loaded the security class twice and the cookies had been unset, so the form token didn't equal the cookie after one submit.[/quote]
Please file an official bug report on GitHub, or this likely won't get fixed. If you submit a pull request with your changes, that would be even better.

El Forum

[eluser]sandeep49[/eluser]
If we have form fields in an array:
For ex.: <input name='employee_name[]' />
Now I want to validate this field by form validation:
$this->form_validation->set_rules('employee_name[]', 'Employee Name', 'trim|required|xss_clean');

This code will not work:

$CI =& get_instance();
if ( ! isset($CI->security))


After replacing with this code...


$CI =& get_instance();
if (isset($CI->security))


Now everything is working fine....:lol: