Is it necessary to check CSRF token in controller - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5) +--- Forum: Choosing CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=8) +--- Thread: Is it necessary to check CSRF token in controller (/showthread.php?tid=67754) |
Is it necessary to check CSRF token in controller - Anil - 04-05-2017 Hi, Is it necessary to check CSRF token in controller?? I have done csrf_protection = TRUE in config file . RE: Is it necessary to check CSRF token in controller - Martin7483 - 04-05-2017 Straight from the source Quote:CSRF protection RE: Is it necessary to check CSRF token in controller - PaulD - 04-05-2017 (04-05-2017, 02:30 AM)Anil Wrote: Is it necessary to check CSRF token in controller??No, this happens automatically whenever post data is encountered. (04-05-2017, 02:30 AM)Anil Wrote: I have done csrf_protection = TRUE in config file .The only other thing you have to do is use form_open to open your forms. CI will then add a hidden input field with the current CSRF token name and value. You can read about form_open in the form_helper docs. https://www.codeigniter.com/user_guide/helpers/form_helper.html#form_open Example: PHP Code: <?php echo form_open('blog/add_post'); ?> The form_close just puts in </form> but I use it still as it stops my editor from going crazy thinking I am closing an unopened tag. For more details, as pointed out by Martin7483, the docs are quite thorough. Paul. |