CodeIgniter Forums
Is there a fix for the CSRF "The action you have requested is not allowed" issue? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: Is there a fix for the CSRF "The action you have requested is not allowed" issue? (/thread-55264.html)



Is there a fix for the CSRF "The action you have requested is not allowed" issue? - El Forum - 10-17-2012

[eluser]esset[/eluser]
As you can imagine I have the infamous CSRF "The action you have requested is not allowed" issue. I'm running CI 2.0+.

The issue I'm having is that my code is working using my iPad, but if my friend is using his iPad he gets the error. This behaviour is just super strange.

I've read through 10+ topics and pretty much everyone says just to turn CSRF OFF, I don't really see this as being the solution to the problem. I mean I want CSRF protection to the turned ON, that's the whole point... no? Smile

So has anyone had any look altering the code to fix this issue?

Thank you in advance


Is there a fix for the CSRF "The action you have requested is not allowed" issue? - El Forum - 10-31-2012

[eluser]esset[/eluser]
Has no one made any adjustments for this issue?

Just turning CSRF protection FALSE doesn't seem like a good solution Smile

Thanks


Is there a fix for the CSRF "The action you have requested is not allowed" issue? - El Forum - 10-31-2012

[eluser]skunkbad[/eluser]
Especially if you are getting the error while not using ajax, then it must be something in your code. I have not experienced any problems with CSRF that weren't my fault.


Is there a fix for the CSRF "The action you have requested is not allowed" issue? - El Forum - 12-07-2012

[eluser]Unknown[/eluser]
I've been having the same problem and after many tracing I found out a bug in codeigniter 2.0 which is in xss_clean function in codeigniter/libraries/Form_validation.php

Code:
if ( ! isset($this->CI->security))

I changed to this

Code:
$CI =& get_instance();
if ( ! isset($CI->security))

and it works correctly.

It had loaded security class twice and cookies had been unset so the form token hadn't equaled to the cooky after one submit


Is there a fix for the CSRF "The action you have requested is not allowed" issue? - El Forum - 12-07-2012

[eluser]CroNiX[/eluser]
[quote author="amircoco" date="1354900516"]I've been having the same problem and after many tracing I found out a bug in codeigniter 2.0 which is in xss_clean function in codeigniter/libraries/Form_validation.php

Code:
if ( ! isset($this->CI->security))

I changed to this

Code:
$CI =& get_instance();
if ( ! isset($CI->security))

and it works correctly.

It had loaded security class twice and cookies had been unset so the form token hadn't equaled to the cooky after one submit[/quote]
Please file an official bug report on github, or this likely won't get fixed. If you submit a pull request with your changes - that would be even better.


Is there a fix for the CSRF "The action you have requested is not allowed" issue? - El Forum - 10-09-2013

[eluser]sandeep49[/eluser]
If we have form fields in array :
For ex.: <input name='employee_name[]' />
Now I want to validate this field by form validation:
$this->form_validation->set_rules('employee_name[]', 'Employee Name', 'trim|required|xss_clean');

This code will not work:

$CI =& get_instance();
if ( ! isset($CI->security))


After replacing with this code...


$CI =& get_instance();
if (isset($CI->security))


Now everything is working fine....:lol: