CodeIgniter Forums
CSRF Except not working on multiple URI Paths - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: CSRF Except not working on multiple URI Paths (/showthread.php?tid=81568)

CSRF Except not working on multiple URI Paths - vimkaf - 03-18-2022

I am working on an API and i want to exempt some routes from CSRF check whenever i use the except property on a singe URI like this
PHP Code:
public $globals = [
        'before' => [
        'csrf' => ['except' => 'api/*'],
        ],
        'after' => [
            'toolbar',
            // 'honeypot',
        ],
    ]; 

Everything works fine but if I make the except have multiple URIs like this
PHP Code:
public $globals = [
        'before' => [
            'csrf' => [
                ['except' => ['api/*''hook/*']]
            ]
        ],
        'after' => [
            'toolbar',
            // 'honeypot',
        ],
    ]; 
I get an error " Can't find a route for 'api/buy/data' " from my postman response as shown below
Code:
{
"title": "CodeIgniter\\Exceptions\\PageNotFoundException",
"type": "CodeIgniter\\Exceptions\\PageNotFoundException",
"code": 404,
"message": "Can't find a route for 'api/buy/data'.",
"file": "C:\\laragon\\www\\payproject\\vendor\\codeigniter4\\framework\\system\\CodeIgniter.php",
"line": 885,
"trace": [
{
"file": "C:\\laragon\\www\\payproject\\vendor\\codeigniter4\\framework\\system\\CodeIgniter.php",
"line": 885,
"function": "forPageNotFound",
"class": "CodeIgniter\\Exceptions\\PageNotFoundException",
"type": "::",
"args": [
"Can't find a route for 'api/buy/data'."
]
},
{
"file": "C:\\laragon\\www\\payproject\\vendor\\codeigniter4\\framework\\system\\CodeIgniter.php",
"line": 340,
"function": "display404errors",
"class": "CodeIgniter\\CodeIgniter",
"type": "->",
"args": [
{}
]
},
{
"file": "C:\\laragon\\www\\payproject\\public\\index.php",
"line": 37,
"function": "run",
"class": "CodeIgniter\\CodeIgniter",
"type": "->",
"args": []
}
]
}

My CI Version is 4.1.9
My PHP Version is 7.4.3
What I have tried?
1. I have tried downgrading CI to 4.1.8, it didn't have any effect.
2. Changed PHP to v8.1 -  No effect still
3. Slept and woke up  Big Grin no changes
4. Restarted Apache, Postman,  Rolleyes . 
I have no idea what's causing this behaviour. Please help this poor sob.

RE: CSRF Except not working on multiple URI Paths - iRedds - 03-20-2022

"Can't find a route for 'api/buy/data'." the text says it all.
PHP Code:
//for 1 route 
        'csrf' => ['except' => 'api/*'],

// for few routes 
            'csrf' => [
                ['except' => ['api/*''hook/*']]
            ]
// WHY? 


RE: CSRF Except not working on multiple URI Paths - renietomx - 05-14-2022

(03-18-2022, 01:00 PM)vimkaf Wrote: I am working on an API and i want to exempt some routes from CSRF check whenever i use the except property on a singe URI like this
PHP Code:
public $globals = [
        'before' => [
        'csrf' => ['except' => 'api/*'],
        ],
        'after' => [
            'toolbar',
            // 'honeypot',
        ],
    ]; 

Everything works fine but if I make click here the except have multiple URIs like this
PHP Code:
public $globals = [
        'before' => [
            'csrf' => [
                ['except' => ['api/*''hook/*']]
            ]
        ],
        'after' => [
            'toolbar',
            // 'honeypot',
        ],
    ]; 
I get an error " Can't find a route for 'api/buy/data' " from my postman response as shown below
Code:
{
"title": "CodeIgniter\\Exceptions\\PageNotFoundException",
"type": "CodeIgniter\\Exceptions\\PageNotFoundException",
"code": 404,
"message": "Can't find a route for 'api/buy/data'.",
"file": "C:\\laragon\\www\\payproject\\vendor\\codeigniter4\\framework\\system\\CodeIgniter.php",
"line": 885,
"trace": [
{
"file": "C:\\laragon\\www\\payproject\\vendor\\codeigniter4\\framework\\system\\CodeIgniter.php",
"line": 885,
"function": "forPageNotFound",
"class": "CodeIgniter\\Exceptions\\PageNotFoundException",
"type": "::",
"args": [
"Can't find a route for 'api/buy/data'."
]
},
{
"file": "C:\\laragon\\www\\payproject\\vendor\\codeigniter4\\framework\\system\\CodeIgniter.php",
"line": 340,
"function": "display404errors",
"class": "CodeIgniter\\CodeIgniter",
"type": "->",
"args": [
{}
]
},
{
"file": "C:\\laragon\\www\\payproject\\public\\index.php",
"line": 37,
"function": "run",
"class": "CodeIgniter\\CodeIgniter",
"type": "->",
"args": []
}
]
}

My CI Version is 4.1.9
My PHP Version is 7.4.3
What I have tried?
1. I have tried downgrading CI to 4.1.8, it didn't have any effect.
2. Changed PHP to v8.1 -  No effect still
3. Slept and woke up  Big Grin no changes
4. Restarted Apache, Postman,  Rolleyes . 
I have no idea what's causing this behaviour. Please help this poor sob.

have you got the solution? I have tried the @iRedds solution but still facing the issue Sad

RE: CSRF Except not working on multiple URI Paths - vimkaf - 05-17-2022

Yes hope you have solved it too