CodeIgniter Forums
CSRF protection for direct url access - Printable Version




CSRF protection for direct url access - jimit.ik - 11-30-2018

Hi Guys,

I am new to CodeIgniter. Any idea how to prevent direct URL access?

I can make a CRUD operation project. For the "View" or "Delete" operation, I want to prevent it with a CSRF token.

Code:
http://localhost/user/view/5

I want to prevent this, and the same for delete.

CSRF is enabled in the config file, and the CSRF token works with the add and edit forms.

I want only direct URL access.

Thank you.


RE: CSRF protection for direct url access - Pertti - 11-30-2018

What do you mean by "direct url access"?

Have you implemented user login/authentication?

If the user does not have to log in, effectively, if someone can figure out the URL, they can just browse to it.

If user session authentication is in place, you can put a general check in the controller's __construct method to ensure the user has logged in by that point, and on individual controller methods check that the user is trying to access/edit their own user profile (or profiles they are allowed to see).