Change default page for csrf error - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: General (https://forum.codeigniter.com/forumdisplay.php?fid=1) +--- Forum: Lounge (https://forum.codeigniter.com/forumdisplay.php?fid=3) +--- Thread: Change default page for csrf error (/showthread.php?tid=71213) |
Change default page for csrf error - anthos1984 - 07-19-2018 Where to change default page for "this action is not allowed" which is caused by csrf token expired? RE: Change default page for csrf error - php_rocs - 07-20-2018 @anthos1984, There is no default page for "this action is not allowed". It is an error message. It may use one of the default error pages in the /application/views/errors directory. RE: Change default page for csrf error - dave friend - 07-26-2018 If you examine the execution path as designed you find... If the CSRF is not valid
So, one way to get what you want would be to extend CI_Securtity and redefine the method csrf_show_error(). Something along these (untested) lines. PHP Code: class MY_Security extends CI_Security Basically what happens above is you bypass the common function and go straight to the CI_Exceptions class passing the name of your custom view - which I call "csrf_error". You need to create the view file /application/views/errors/html/csrf_error.php that meets your objectives. RE: Change default page for csrf error - anthos1984 - 07-28-2018 (07-26-2018, 04:09 PM)dave friend Wrote: So, one way to get what you want would be to extend CI_Securtity and redefine the method csrf_show_error(). Something along these (untested) lines. Wow, thanks. I will try that RE: Change default page for csrf error - Ivankvkharkiv - 08-18-2020 (07-26-2018, 04:09 PM)dave friend Wrote: If you examine the execution path as designed you find... Yes, indeed, that is what I was thinking about, but then somehow you should force the system to load your Security class instead of standard security class. And how to do that? I mean that $this->security->somefunction() must call your new instantiated My_Security class which variable/instance must have name $security. How to do that without hacking the framework? This string instantiates this class: $SEC =& load_class('Security', 'core'); With hacking the framework we can rename the original class into Security_original and then create our class called Security extends Security_original, and this class will contain the functions which in case of CSRF attack will (for example) load page with logging asking to relogin again. |