CodeIgniter Forums
CSRF - Printable Version



CSRF - scalar1 - 07-25-2015

When $config['csrf_protection'] = TRUE,
if I search the site via a search form, click on a search result and then click on the browser back button,
the browser says: "Webpage has expired"

$config['csrf_regenerate'] = FALSE !

If I set $config['csrf_protection'] to TRUE, it solves the problem, but obviously this is not a good idea...


RE: CSRF - Avenirer - 07-27-2015

How did you create the form? With form_open()?


RE: CSRF - Iman - 07-29-2015

How to solve it? It still shows on page view source...


RE: CSRF - scalar1 - 07-30-2015

(07-27-2015, 01:54 AM)Avenirer Wrote: How did you create the form? With form_open()?

Yes


RE: CSRF - spjonez - 07-31-2015

Set csrf_regenerate to false, otherwise the token stored in your page will be invalid when they click back. See the first reply at http://security.stackexchange.com/questions/22903/why-refresh-csrf-token-per-form-request
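
The effect described in the post above, as an added example that is not part of the thread and is not CodeIgniter's own code: a small PHP model of a token that is rotated after each successful POST versus one that is kept, showing why a form restored from browser history is rejected only in the first case. The names `CsrfModel` and `backButtonResubmit` are hypothetical.

```php
<?php
// Added illustration: a minimal model of CSRF token checking with and
// without rotation. Not CodeIgniter's Security class; names are hypothetical.

final class CsrfModel
{
    private bool $regenerate;
    private string $cookieToken;

    public function __construct(bool $regenerate)
    {
        $this->regenerate  = $regenerate;
        $this->cookieToken = bin2hex(random_bytes(16));
    }

    // Token embedded as a hidden field when a form page is rendered.
    public function renderForm(): string
    {
        return $this->cookieToken;
    }

    // Validate a POST; with rotation on, a successful check replaces the token.
    public function submit(string $postedToken): bool
    {
        if (!hash_equals($this->cookieToken, $postedToken)) {
            return false; // CI3 reports: "The action you have requested is not allowed."
        }
        if ($this->regenerate) {
            $this->cookieToken = bin2hex(random_bytes(16));
        }
        return true;
    }
}

// Submit a form, then submit the same cached form again (Back button case).
function backButtonResubmit(bool $regenerate): array
{
    $site       = new CsrfModel($regenerate);
    $cachedPage = $site->renderForm();     // browser keeps this copy in history
    $first      = $site->submit($cachedPage);
    $second     = $site->submit($cachedPage); // stale token if it was rotated
    return [$first, $second];
}

foreach ([true, false] as $regenerate) {
    [$first, $second] = backButtonResubmit($regenerate);
    printf("csrf_regenerate=%s first=%s resubmit-from-history=%s\n",
        $regenerate ? 'TRUE' : 'FALSE',
        $first ? 'accepted' : 'rejected',
        $second ? 'accepted' : 'rejected');
}
```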


RE: CSRF - ben_ci - 02-29-2024

I am working on an old project in CI3.
Added a form and enabled csrf protection.
For Chrome and Firefox, the form gets submitted and it’s working well. But for Safari
it’s showing “The action you have requested is not allowed.”
I set $config['csrf_regenerate'] = FALSE;

Safari generates a new token every time I refresh the page.

3rd party cookies are also enabled in the settings.

Any idea?

Thanks!


RE: CSRF - kenjis - 03-01-2024

This? https://github.com/bcit-ci/CodeIgniter/issues/6134
https://github.com/bcit-ci/CodeIgniter/commit/ea1e3c8b5425fb68e33f1d5f72c5888295537076