+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Development (https://forum.codeigniter.com/forumdisplay.php?fid=6)
+--- Forum: CodeIgniter 3.x (https://forum.codeigniter.com/forumdisplay.php?fid=17)
+--- Thread: $config['csrf_exclude_uris'] seems to be ignored (/showthread.php?tid=1683)
$config['csrf_exclude_uris'] seems to be ignored - matbeard - 04-01-2015
I'm trying to exclude a certain controller/method from CSRF checks, but the $config['csrf_exclude_uris'] setting seems to be ignored.
I'm posting information from a mobile app, but I keep getting an HTTP 403 response unless I completely disable CSRF protection.
Ideally I'd like to exclude all methods of the 'Mobile' controller, but even specifying a particular method doesn't work. I'm using: $config['csrf_exclude_uris'] = array('mobile/login');
Any idea what I may be doing wrong here?
RE: $config['csrf_exclude_uris'] seems to be ignored - digitalhuman - 09-08-2016
I had the same thing. Solved it by:
$config['csrf_exclude_uris'] = array(
"log.*+"
);
Disables CRSF for every URL starting with: log ex: "http://site.com/log/message/1"
RE: $config['csrf_exclude_uris'] seems to be ignored - bartMommens - 07-06-2019
(09-08-2016, 12:10 AM)digitalhuman Wrote: I had the same thing. Solved it by:
$config['csrf_exclude_uris'] = array(
"log.*+"
);
Disables CRSF for every URL starting with: log ex: "http://site.com/log/message/1"
My hero !
