XML-RPC CSRF protection - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: XML-RPC CSRF protection (/showthread.php?tid=57487) |
XML-RPC CSRF protection - El Forum - 03-18-2013 [eluser]N3XT0R[/eluser] Hello guys, i have a little problem ... i activated the CSRF protection inside the config.php and currently im developing on a API for my Project. Without the CSRF Protection i can easy call the XML-RPC Server, if i enable the Protection i become a HTTP1/0 500 Error with the message "The action you have requested is not allowed.". Is there maybe a good solution for this problem or can i disable the CSRF protection only for my XML-RPC Server? XML-RPC CSRF protection - El Forum - 03-18-2013 [eluser]TheFuzzy0ne[/eluser] You can use a conditional in your config.php file, so CSRF protection is not enabled for certain URLs. Code: $config['csrf_protection'] = TRUE; Untested, but might work. XML-RPC CSRF protection - El Forum - 03-18-2013 [eluser]N3XT0R[/eluser] Thanks for your reply, I've been thinking about this solution, too but I thought there is maybe a better solution than a condition in the config file. XML-RPC CSRF protection - El Forum - 03-18-2013 [eluser]TheFuzzy0ne[/eluser] The only other solution I can think of, would be to use GET instead of POST. CSRF protection seems to assume that all POST requests are forms being submitted. |