Forbidden 403? CSRF! - blaasvaer - 02-04-2021

Hi, I've been creative and created a 'dynamic' API (http:// … /<resource>/<optional id>) which works great.

My problem is that when I try to add resources by POSTing (or update using PUT), I get a 403 forbidden. Now, according to the docs I'm trying to enable CSRF in Filters, add whitelist URLs ... something like this:

Code:
public $globals = [
    'before' => [
        // Run the CSRF filter on every request except this one URI
        'csrf' => ['except' => ['api/record/save']],
    ],
];


Now, it defeats the whole point of having a 'dynamic' API if I have to manually add exceptions in filters afterwards.

Now, HOW would I make it possible to use PUT and POST in this case to avoid errors like the above?

NOTE: the application is "frontend" ONLY, I don't use CI for generating any type of visual output (forms etc.), so the csrf_methods are probably out of the question ... the user is validated by being logged in. So, only logged in users can create and update stuff. But I basically need to remove url exceptions from the loop.

Hmm, maybe disabling the CSRF completely will do?
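
Added example, not part of the original post and not CodeIgniter's own code: filter URIs in CodeIgniter 4 accept `*` wildcards, so a single `api/*` exception covers every dynamic resource, and the filter below puts an Origin check in place of the token check for write requests. It assumes the login is a cookie session and that only a browser frontend calls the API; the class name `ApiOriginCheck`, the alias `apiorigin` and the origin `https://app.example.com` are hypothetical.

```php
<?php
// app/Filters/ApiOriginCheck.php (hypothetical file and class name)
namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

class ApiOriginCheck implements FilterInterface
{
    // Assumption: the only origin the frontend is served from.
    private const ALLOWED_ORIGINS = ['https://app.example.com'];

    public function before(RequestInterface $request, $arguments = null)
    {
        // Read-only methods do not change state, so they pass through.
        $method = strtoupper($request->getMethod());
        if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
            return null;
        }

        // Browsers set Origin on cross-site POST/PUT/DELETE and page
        // scripts cannot override it. A missing or unlisted value is refused.
        $origin = $request->getHeaderLine('Origin');
        if (! in_array($origin, self::ALLOWED_ORIGINS, true)) {
            return service('response')
                ->setStatusCode(403)
                ->setJSON(['error' => 'Cross-origin write rejected']);
        }

        return null;
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        return null;
    }
}

// app/Config/Filters.php, relevant properties only:
//   public $aliases = ['csrf'      => \CodeIgniter\Filters\CSRF::class,
//                      'apiorigin' => \App\Filters\ApiOriginCheck::class];
//   public $globals = ['before' => ['csrf' => ['except' => ['api/*']]]];
//   public $filters = ['apiorigin' => ['before' => ['api/*']]];
```

Non-browser clients do not send an Origin header and would be refused by this filter; an API that also serves such clients needs a different check, such as token authentication.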