Welcome Guest, Not a member yet? Register   Sign In
Search Results
  Heart Thread: CodeIgniter 4 Has Been Awesome
Post: CodeIgniter 4 Has Been Awesome

Just thought I'd post this. I work as a web developer for a private company contracted by the US Federal Court System.  I'm a former Java programmer but nowadays primarily a Drupal/PHP developer for v...
765 Views
4 Replies
03-18-2022, 06:22 AM
donpwinston
    Thread: Strange Behavior
Post: Strange Behavior

I have a ..../public/test.php file: and I have a CI app where in a before() function of a custom filter I have:  log_message('debug', print_r(getallheaders(), true)); I'm getting different re...
408 Views
1 Replies
02-23-2022, 07:24 AM
donpwinston
    Thread: CSRF Protection Problem
Post: RE: CSRF Protection Problem

I did upgrade to 4.1.7. Everything appears to work now. It worked occasionally with 4.1.4 which drove me nuts. I have another app that is still 4.1.4 and that uses csrf too. I haven't experienced this...
528 Views
7 Replies
01-18-2022, 07:25 PM
donpwinston
    Thread: CSRF Protection Problem
Post: RE: CSRF Protection Problem

kenjis Wrote: (01-18-2022, 05:25 PM) -- security.csrfProtection = 'session' can be used in 4.1.5 and later. https://codeigniter4.github.io/userguide/changelogs/v4.1.5.html#enhancements -- ok I sa...
528 Views
7 Replies
01-18-2022, 05:29 PM
donpwinston
    Thread: CSRF Protection Problem
Post: RE: CSRF Protection Problem

I tried to add the following . I think the default names are messed up for example the csrf token name was csrf_test_token for some reason: security.tokenName = 'csrf_token_name' security.cookieName ...
528 Views
7 Replies
01-18-2022, 05:16 PM
donpwinston
    Thread: CSRF Protection Problem
Post: CSRF Protection Problem

I get the following error message in the session using the debug toolbar: error                  The action you have requested is not allowed. When I comment out the csrf entry in app/Config/Filte...
528 Views
7 Replies
01-18-2022, 03:29 PM
donpwinston
    Thread: security.csrfProtection = 'session'
Post: RE: security.csrfProtection = 'session'

kenjis Wrote: (01-14-2022, 04:33 PM) -- As you already posted 'cookie' is weaker than 'session'. https://forum.codeigniter.com/thread-80877.html session advantage: - safer than cookie   - If an...
453 Views
2 Replies
01-15-2022, 02:14 PM
donpwinston
    Thread: security.csrfProtection = 'session'
Post: security.csrfProtection = 'session'

Does anyone know the advantages or disadvantages of this setting? security.csrfProtection = 'session'
453 Views
2 Replies
01-14-2022, 05:02 AM
donpwinston
    Thread: Apply Filter to Route
Post: Apply Filter to Route

How do I use the csrf filter for a a specific route? I do not want it turned of for every route.
341 Views
2 Replies
01-13-2022, 03:42 PM
donpwinston
    Thread: Session ID Regeneration
Post: Session ID Regeneration

I can't find the config property that controls session id regeneration. I'd like to turn this off. What is it?
302 Views
1 Replies
01-12-2022, 09:21 AM
donpwinston
    Thread: FYI: CSRF Problem
Post: FYI: CSRF Problem

We got the following from our security guide who was checking our app: Weakness in Cross-Site Request Forgery (CSRF) Protection Risk Level - MODERATE Severity While the MEBN application impleme...
581 Views
2 Replies
12-28-2021, 02:53 AM
donpwinston
    Thread: Argument Types for Validation Rules
Post: RE: Argument Types for Validation Rules

iRedds Wrote: (12-18-2021, 05:03 AM) -- The data of the incoming request is by default a string. This is not a framework or php problem. This is a problem with the HTTP protocol. -- Oh, so valida...
656 Views
3 Replies
12-18-2021, 09:41 AM
donpwinston
    Thread: Argument Types for Validation Rules
Post: Argument Types for Validation Rules

I created the following validation rule: Code: -- public function not_blocked(int $mebn_seq): bool {     return !(new MebnDb())->isBlocked($mebn_seq); } -- It errored because $mebn_s...
656 Views
3 Replies
12-17-2021, 09:49 AM
donpwinston
    Thread: index.php
Post: index.php

When I execute Code: -- redirect()->to(base_url('/MEBN/password')); The url https://host-name.com/index.php/MEBN/password is used by the browser. Why is index.php stuck in there? How do I get ...
259 Views
1 Replies
12-01-2021, 04:07 PM
donpwinston
    Thread: Content Security Policy (Setting nonce value)
Post: RE: Content Security Policy (Setting nonce value)

donpwinston Wrote: (11-25-2021, 06:22 PM) -- When you turn content security policy on in .env via "app.CSPEnabled = true" a nonce is created for every inline css and javascript for the debug bar but ...
1,660 Views
3 Replies
11-26-2021, 09:50 AM
donpwinston
    Thread: Content Security Policy (Setting nonce value)
Post: RE: Content Security Policy (Setting nonce value)

When you turn content security policy on in .env via "app.CSPEnabled = true" a nonce is created for every inline css and javascript for the debug bar but NOT for the kint inline script and inline styl...
1,660 Views
3 Replies
11-25-2021, 06:22 PM
donpwinston
    Thread: Content Security Policy (Setting nonce value)
Post: Content Security Policy (Setting nonce value)

I'm using {csp-script-nonce} and {csp-style-nonce} in my script and style tags. But the Content-Security-Policy header does not appear to be set. Also the nonce has a different value each time I use i...
1,660 Views
3 Replies
11-24-2021, 05:12 AM
donpwinston
    Thread: Error: Use of undefined constant ENVIRONMENT - CI 4.1.5
Post: RE: Error: Use of undefined constant ENVIRONMENT -...

Line 110 of Factories.php is: self::$instances[$options['component']][$class] = new $class(...$arguments); I believe there is something messed up with your installation.
809 Views
4 Replies
11-21-2021, 03:12 AM
donpwinston
    Thread: fail to set flashdata after destroy session on logout
Post: RE: fail to set flashdata after destroy session on...

Halim Wrote: (11-09-2021, 10:05 AM) -- I have the same problem :( -- The session is destroyed. There is no place to put the flash data. The session is not created again until the controller class t...
1,060 Views
3 Replies
11-09-2021, 03:05 PM
donpwinston
    Thread: Session Destroy and Flashdata
Post: RE: Session Destroy and Flashdata

InsiteFX Wrote: (10-31-2021, 01:16 AM) -- Because you desroyed the session you need to recreate the session again first. -- OK, I get it. It's not created again until the constructor of the redirect...
695 Views
3 Replies
10-31-2021, 12:51 PM
donpwinston

Theme © iAndrew 2016 - Forum software by © MyBB