CodeIgniter Forums

Full Version: Disable CSRF on page using router
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I have one page that receives post data from another website, so I need to be able to whitelist this particular page to disable CSRF.  While Codeigniter has an option `$config['csrf_exclude_uris']` for this, this doesn't seem to be working in my scenario because I am using a router to get to this page.  Is there a way to make `csrf_exclude_uris` look at the determined controller/method rather than at the original url?


Post URL:

Routing rule: 
PHP Code:
$route['(:num)/(:any)'] = 'portal/index/$1/$2'

Want to do: 
PHP Code:
$config['csrf_exclude_uris'] = ['portal/index']; 

Rather not do, but does work: 
PHP Code:
$config['csrf_exclude_uris'] = ['(\d+)(\/)((?:[a-z][a-z]+))']; 

The problem is the Security class seems to look at `1234/test1` rather than `portal/index`.  Is there a way around this?  Is there a disadvantage to not using the actual controller/method?  From my tests, it appears portal and index are known before the whitelist check is applied.

Running CI 3.1.3. From the release notes, it doesn't look like 3.1.4 changed anything here.