+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: CSRF configuration (/showthread.php?tid=88436)
CSRF configuration - __peter - 09-07-2023
Hi everybody...
im trying to configure csrf protection just for a couple of pages in my app using this code (config/filters.php):
public $globals = [
'before' => [
'csrf' => [
"/", ["except" => ["!*"]]
],
'auth' => ['except' => ['/', '/validateLogin']]
],
'after' => [
//...
],
];
what i want is that just 2 pages implement this protection but not all the rest which are a lot, and the code above tries to protect the complete app, how can i configure this?
Thanks in advance
RE: CSRF configuration - kenjis - 09-07-2023
Quote:There are times where you want to apply a filter to almost every request, but have a few that should be left alone. One common example is if you need to exclude a few URI’s from the CSRF protection filter to allow requests from third-party websites to hit one or two specific URI’s, while keeping the rest of them protected. To do this, add an array with the except key and a URI path (relative to BaseURL) to match as the value alongside the alias:
https://codeigniter4.github.io/CodeIgniter4/incoming/filters.html#except-for-a-few-uris
RE: CSRF configuration - kenjis - 09-07-2023
Specify filter(s) in routes.
See https://codeigniter4.github.io/CodeIgniter4/incoming/routing.html#applying-filters