CodeIgniter Forums
csrf_protection bug. Cant make it work - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: csrf_protection bug. Cant make it work (/thread-53521.html)

Pages: 1 2


csrf_protection bug. Cant make it work - El Forum - 07-27-2012

[eluser]rei[/eluser]
I'm having this error message for all browsers except FireFox.

An Error Was Encountered
The action you have requested is not allowed.

Please help me solve this problem. thanks Smile




csrf_protection bug. Cant make it work - El Forum - 07-29-2012

[eluser]Komeniusz[/eluser]
Check out these links:
http://ellislab.com/forums/viewthread/163976/
http://stackoverflow.com/questions/5367096/csrf-token-problem-with-codeigniter
http://aymsystems.com/ajax-csrf-protection-codeigniter-20
http://stackoverflow.com/questions/10274880/codeigniter-csrf-error-on-form-submittion


csrf_protection bug. Cant make it work - El Forum - 07-29-2012

[eluser]rei[/eluser]
Thanks for the links Smile But unfortunately still no luck. the problem still exists :/ I really need to use that csrf_protection.


csrf_protection bug. Cant make it work - El Forum - 07-30-2012

[eluser]InsiteFX[/eluser]

Eric Barnes - CodeIgniter CSRF Protection With Ajax



csrf_protection bug. Cant make it work - El Forum - 07-30-2012

[eluser]rei[/eluser]
Thanks for the link sir. It maybe helpful for me when I will implement ajax in the site that I'm building with csrf_protection. Nwei back to topic, It is not the solution for my current problem. But thanks for your help Smile


csrf_protection bug. Cant make it work - El Forum - 07-30-2012

[eluser]CroNiX[/eluser]
I don't think anyone will be able to really answer your question with the little information you have provided, which is probably why people are just posting links. It's too generic and you show no code. It's a bit like saying "my car is making a noise when I am driving. What's the problem?"


csrf_protection bug. Cant make it work - El Forum - 07-30-2012

[eluser]rei[/eluser]
Sorry sir. Nwei back to the topic.. the csrf_token is present when I view the source:
Code:
<input type="hidden" name="csrf_test_name" value="a95b55ae4a2a751bbf13bce3769e0ff4" />
</div>

I'm using form_open() function so the csrf token is inserted automatically in my forms.

here is the config.php file:
Code:
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;

But when I submit the form it shows me this error message:
An Error Was Encountered
The action you have requested is not allowed.

I’m having this error message for all browsers except FireFox ONLY IN MY LAPTOP if the site is online in a web host but when I'm in localhost there is no problem. When I test it on other laptops there is no problem even if the site is online in a web host. I also tested it on mobile and ipad and there is no problem. I'm wondering why I'm only having this problem in my laptop. I tried clearing the cache and even reformat my laptop but the problem still exists.

PS: I'm also having a session problem being lost after redirect only in my laptop but it also works fine when using firefox browser or when I'm in localhost.

Nwei Im using Windows 7 64 bit.

I tried it using linux mint OS in my laptop and I don't encounter any problem..





csrf_protection bug. Cant make it work - El Forum - 07-30-2012

[eluser]CroNiX[/eluser]
Try removing all underscores from any cookie names, including your regular sessions.


csrf_protection bug. Cant make it work - El Forum - 07-30-2012

[eluser]rei[/eluser]
I removed the underscores but it didn't solved the problem.

Code:
$config['csrf_token_name'] = 'csrftestname';
$config['csrf_cookie_name'] = 'csrfcookiename';



csrf_protection bug. Cant make it work - El Forum - 07-30-2012

[eluser]CroNiX[/eluser]
What are the rest of your cookie settings...path, domain, etc.