+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: How to disable CSRF temporaly for callback controllers ? (/showthread.php?tid=39188)
How to disable CSRF temporaly for callback controllers ? - El Forum - 12-19-2012
[eluser]Emelian[/eluser]
Hello!
Show you how to disable the protection CSRF, when authorization is on a different server with authentication module uLogin for Codeigniter http://ulogin.ru/constructor.html
Needless to connect two libraries are as follows:
$ this-> load-> library ('ulogin');
$ this-> load-> library ('uauth');
Output on the page:
echo $ this-> ulogin-> get_html ();
Where and what should be set to avoid any mistake?:
"The action you have requested is not allowed."
If I understand correctly, the error is caused by an invalid token is passed to the authentication result.
Please help solve the problem.
With respect.
How to disable CSRF temporaly for callback controllers ? - El Forum - 02-21-2013
[eluser]Unknown[/eluser]
when i checked logs , i saw these errors ;
Quote: Cannot access protected property CI_Security::$_xss_hash in ..
so i changed some access modifiers in security file
System\core\Security.php
find the lines below
Code:
protected $_csrf_hash;
protected $_csrf_token_namechange protected to public like this
Code:
public $_csrf_hash;
public $_csrf_token_nameHow to disable CSRF temporaly for callback controllers ? - El Forum - 02-21-2013
[eluser]Emelian[/eluser]
[quote author="efesaid" date="1361473345"]when i checked logs , i saw these errors ;
Quote: Cannot access protected property CI_Security::$_xss_hash in ..
so i changed some access modifiers in security file
System\core\Security.php
find the lines below
Code:
protected $_csrf_hash;
protected $_csrf_token_namechange protected to public like this
Code:
public $_csrf_hash;
public $_csrf_token_nameefesaid, this is the answer to my question?
How to disable CSRF temporaly for callback controllers ? - El Forum - 05-23-2013
[eluser]Unknown[/eluser]
[quote author="jpwdesigns" date="1303427498"]Ok, here is the solution (hack) i've got working for anyone else needing it:
Code:
if (isset($_SERVER["REQUEST_URI"]))
{
if(stripos($_SERVER["REQUEST_URI"],'/mypage') === FALSE)
{
$config['csrf_protection'] = TRUE;
}
else
{
$config['csrf_protection'] = FALSE;
}
}
else
{
$config['csrf_protection'] = TRUE;
}I know this is quoting an old post, but I wanted to share my compressed ternary version of the above code:
Code:
$config['csrf_protection'] = (isset($_SERVER["REQUEST_URI"]))
? (stripos($_SERVER["REQUEST_URI"],'/mypage') === false)
: true;How to disable CSRF temporaly for callback controllers ? - El Forum - 06-24-2014
[eluser]Unknown[/eluser]
Took me a while, and none of the solutions in here worked.
But, I found a solution!
To anyone using html5boilerplate to generate .htaccess, do this:
Lines 346 to 350 are enabled by default in the .htaccess by html5boilerplate. You have to comment them out to get rid of the error:
Code:
# <IfModule mod_rewrite.c>
# RewriteCond %{SCRIPT_FILENAME} -d [OR]
# RewriteCond %{SCRIPT_FILENAME} -f
# RewriteRule "(^|/)\." - [F]
# </IfModule>Fixed it for me :-).
How to disable CSRF temporaly for callback controllers ? - El Forum - 06-24-2014
[eluser]jonez[/eluser]
Another alternative using hooks. CSRF is disabled by default, use URL checks to enable for specific paths.
config/hooks.php
Code:
$hook['pre_system'][] = array(
'function' => 'check_csrf',
'filename' => 'csrf.php',
'filepath' => 'hooks',
);hooks/csrf.php
Code:
function check_csrf( ) {
$segments = explode( '/', trim( parse_url( $_SERVER[ 'REQUEST_URI' ], PHP_URL_PATH ), '/' ) );
if ( ... ) {
$config =& load_class( 'Config', 'core' );
$config->set_item( 'csrf_protection', true );
}
}