CodeIgniter Forums
[Solved] CSRF CI3 Question - Printable Version




[Solved] CSRF CI3 Question - wolfgang1983 - 06-07-2015

I have a question about CSRF on CodeIgniter 3.

When I submit any of my forms and get an error on the form, if I refresh or reload the page it then throws a CodeIgniter error:

Code:
The action you have requested is not allowed.

Why does that happen only on reload or refresh?

PHP Code:
$config['cookie_prefix']    = '';

$config['cookie_domain']    = '';
$config['cookie_path']      = '/';
$config['cookie_secure']    = FALSE;
$config['cookie_httponly']  = FALSE;


$config['global_xss_filtering'] = TRUE;

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array(); 

Any Suggestions?


RE: CSRF CI3 Question - Avenirer - 06-08-2015

I guess that is related to the fact that you have CSRF enabled. But I think you've explained your problem wrong. This should happen only if you do a "Back/Previous" from your browser and then try to submit the same form again, or you've tried to submit a form after a long time.


RE: CSRF CI3 Question - spjonez - 06-08-2015

Set this:
Code:
$config['csrf_regenerate'] = FALSE;
Regenerating CSRF doesn't do a whole lot for security and causes more issues than it's worth.


RE: CSRF CI3 Question - Avenirer - 06-08-2015

@spjonez What do you mean by "doesn't do a whole lot for security"?


RE: CSRF CI3 Question - wolfgang1983 - 06-08-2015

(06-08-2015, 06:08 AM)spjonez Wrote: Set this:

Code:
$config['csrf_regenerate'] = FALSE;
Regenerating CSRF doesn't do a whole lot for security and causes more issues than it's worth.

That seems to do the trick. Not sure why that caused the issue?
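
Why the reload fails with `csrf_regenerate` on, as an added example that is not part of any post above and is not CodeIgniter's own code: a simplified model of a cookie-matched CSRF token that is rotated after each accepted POST. The class and function names are hypothetical, and the cookie is simulated in memory so the script runs from the PHP 8 CLI.

```php
<?php
// Simplified model of a cookie-backed CSRF check (hypothetical class, not CodeIgniter source).
// The "cookie" is a property so the script runs from the CLI without a browser.
final class CsrfModel
{
    private ?string $cookie = null;   // stands in for the csrf_cookie_name cookie

    public function __construct(private bool $regenerate) {}

    // GET: render the form, issuing a token if the browser has none yet.
    public function renderForm(): string
    {
        return $this->cookie ??= bin2hex(random_bytes(16));
    }

    // POST: the submitted hidden field must match the cookie value.
    public function submit(string $postedToken): bool
    {
        if ($this->cookie === null || !hash_equals($this->cookie, $postedToken)) {
            return false;             // "The action you have requested is not allowed."
        }
        if ($this->regenerate) {
            // Rotate on every accepted POST: the token just used is now dead.
            $this->cookie = bin2hex(random_bytes(16));
        }
        return true;
    }
}

// Constructed scenario: submit a form, then refresh so the browser replays the same POST body.
function reloadAfterSubmit(bool $regenerate): array
{
    $app    = new CsrfModel($regenerate);
    $token  = $app->renderForm();      // hidden field value embedded in the page
    $first  = $app->submit($token);    // original submission (form error page is shown)
    $replay = $app->submit($token);    // refresh: same POST data, same old token
    return [$first, $replay];
}

foreach ([true, false] as $regenerate) {
    [$first, $replay] = reloadAfterSubmit($regenerate);
    printf("csrf_regenerate=%s  first=%s  reload=%s\n",
        $regenerate ? 'TRUE ' : 'FALSE',
        $first ? 'accepted' : 'rejected',
        $replay ? 'accepted' : 'rejected');
}
```

With regeneration off, the replayed token keeps matching until the cookie expires (`csrf_expire`, 7200 seconds in the posted config). Submitting a form reached through the browser's Back button fails in the same way when regeneration is on, because that page still carries the token from before the rotation.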