[Solved] CSRF CI3 Question

#1
I have a question about CSRF on CodeIgniter 3

When I submit any of my forms and get an error on the form, if I refresh or reload the page it then throws a CodeIgniter error

Code:
The action you have requested is not allowed.

Why does that happen only on reload or refresh?

PHP Code:
$config['cookie_prefix']    = '';

$config['cookie_domain']    = '';
$config['cookie_path']      = '/';
$config['cookie_secure']    = FALSE;
$config['cookie_httponly']  = FALSE;


$config['global_xss_filtering'] = TRUE;

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array(); 

Any Suggestions?
There's only one rule - please don't tell anyone to go and read the manual.  Sometimes the manual just SUCKS!

#2
I guess that is related to the fact that you have CSRF enabled. But I think you've explained your problem wrong. This should happen only if you do a "Back/Previous" from your browser and then try to submit the same form again, or you've tried to submit a form after a long time.

#3
Set this:
Code:
$config['csrf_regenerate'] = FALSE;
Regenerating CSRF doesn't do a whole lot for security and causes more issues than it's worth.

#4
@spjonez What do you mean by "doesn't do a whole lot for security"?

#5
(06-08-2015, 06:08 AM)spjonez Wrote: Set this:

Code:
$config['csrf_regenerate'] = FALSE;
Regenerating CSRF doesn't do a whole lot for security and causes more issues than it's worth.

That seems to do the trick. Not sure why that caused the issue?
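An added example, not written by anyone in this thread and not CodeIgniter's own code: a simplified model of the error discussed above, assuming the CSRF check compares the posted token with the cookie value and, with `csrf_regenerate` set to TRUE, rotates the cookie after each accepted POST. The class and function names are hypothetical.

```php
<?php
// Simplified model of a cookie-based CSRF check with optional token rotation.
// CsrfModel and refreshAfterPost are hypothetical names, not framework code.
final class CsrfModel
{
    private ?string $cookie = null; // token value held in the browser's CSRF cookie

    public function __construct(private bool $regenerate) {}

    // GET: issue a token if none exists; the same value is embedded in the form.
    public function renderForm(): string
    {
        return $this->cookie ??= bin2hex(random_bytes(16));
    }

    // POST: compare the posted token with the cookie, then rotate if configured.
    public function submit(string $postedToken): bool
    {
        if ($this->cookie === null || !hash_equals($this->cookie, $postedToken)) {
            return false; // "The action you have requested is not allowed."
        }
        if ($this->regenerate) {
            $this->cookie = bin2hex(random_bytes(16)); // new cookie goes out with the response
        }
        return true;
    }
}

// Constructed scenario: submit once (the form is redisplayed with an error),
// then press refresh, which makes the browser replay the same POST body.
function refreshAfterPost(bool $regenerate): array
{
    $app    = new CsrfModel($regenerate);
    $token  = $app->renderForm();   // token embedded in the first form
    $first  = $app->submit($token); // original submission
    $replay = $app->submit($token); // refresh resends the old token; the cookie may have rotated
    return ['first' => $first, 'refresh' => $replay];
}

foreach ([true, false] as $regenerate) {
    $r = refreshAfterPost($regenerate);
    printf("csrf_regenerate=%s first=%s refresh=%s\n",
        $regenerate ? 'TRUE' : 'FALSE',
        $r['first'] ? 'accepted' : 'rejected',
        $r['refresh'] ? 'accepted' : 'rejected');
}
```

With rotation on, the replayed POST carries the token from the first form while the cookie already holds the new one, so the comparison fails; with rotation off, both values stay the same until the cookie expires.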

