CodeIgniter Forums

CodeIgniter Forums > Using CodeIgniter > Best Practices > CSRF protection for direct url access
Full Version: CSRF protection for direct url access
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

jimit.ik

11-30-2018, 05:21 AM
Hi Guys,

I am new in codeigniter. Any idea how prevent direct url access.

i can make crud opration project. for "View" or "Delete" Operation i want to prevent with CSRF token.

Code:
http://localhost/user/view/5

i want to prevent this. and same a delete.

CSRF enable in config file and CSRF token work with add, edit form

i want only direct url access.

Thank you.

Pertti

11-30-2018, 07:38 AM
What do you mean by "direct url access"?

Have you implemented user login/authentication?

If user does not have to log in, effectively, if someone can figure out the URL, they can just browse to it.

If user session authentication is in place, you can put general check in controller __construct method to ensure user has logged in by that point, and on individual controller methods check that user is trying to access/edit their own user profile (or profiles they are allowed to see).
CodeIgniter Forums > Using CodeIgniter > Best Practices > CSRF protection for direct url access