CodeIgniter Forums

Full Version: csrf error
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
hi, sorry for english , when i try to change from :

$config['csrf_protection'] = FALSE;

to :

$config['csrf_protection'] = TRUE;

i have the error :

The action you have requested is not allowed.

This is my config file :

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = '[email protected]#ouppou';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = FALSE;
$config['csrf_exclude_uris'] = array('');

In view i open  the form with :


          $attributes = array('class' => '',
              'id'                        => 'myform',
              'name'                      => 'form_profile',
              'method'                    => 'POST',

          echo form_open_multipart('/user/profile', $attributes);


And if i see the source i have :

<input type="hidden" name="csrf_test_name" value="2e60aac30338e51b8555d71542a61803" />

How can i solve it?
(12-26-2019, 04:01 AM)pippuccio76 Wrote: [ -> ]The action you have requested is not allowed.

The errors comes from system/libraries/Security.php, you can find it there if you search this error message.
Errors is throwed when csrf token is invalid.

1. Try to changing the weird the that use gave:
$config['csrf_cookie_name'] = '[email protected]#ouppou';
2. Once I was given a server with Session disabled, I could not use Session until hosting company enable it. Maybe the same case with Cookies, it is disabled on server (I don't have much experience using Cookies)
A cookie begins with a name-value pair:

A <cookie-name>
can be any US-ASCII characters, except control characters, spaces, or tabs.
It also must not contain a separator character like the following:
( ) < > @ , ; : \ " / [ ] ? = { }.

Now do you see your problem?