CodeIgniter Forums - Search Results

Pages (11): 1 2 3 4 5 … 11 Next »

Search Results

Thread: CodeIgniter 4 Has Been Awesome
Post: CodeIgniter 4 Has Been Awesome

Just thought I'd post this. I work as a web developer for a private company contracted by the US Federal Court System. I'm a former Java programmer but nowadays primarily a Drupal/PHP developer for v...

Thread: Strange Behavior
Post: Strange Behavior

I have a ..../public/test.php file: and I have a CI app where in a before() function of a custom filter I have: log_message('debug', print_r(getallheaders(), true)); I'm getting different re...

Thread: CSRF Protection Problem
Post: RE: CSRF Protection Problem

I did upgrade to 4.1.7. Everything appears to work now. It worked occasionally with 4.1.4 which drove me nuts. I have another app that is still 4.1.4 and that uses csrf too. I haven't experienced this...

Thread: CSRF Protection Problem
Post: RE: CSRF Protection Problem

kenjis Wrote: (01-18-2022, 05:25 PM) -- security.csrfProtection = 'session' can be used in 4.1.5 and later. https://codeigniter4.github.io/userguide/changelogs/v4.1.5.html#enhancements -- ok I sa...

Thread: CSRF Protection Problem
Post: RE: CSRF Protection Problem

I tried to add the following . I think the default names are messed up for example the csrf token name was csrf_test_token for some reason: security.tokenName = 'csrf_token_name' security.cookieName ...

Thread: CSRF Protection Problem
Post: CSRF Protection Problem

I get the following error message in the session using the debug toolbar: error The action you have requested is not allowed. When I comment out the csrf entry in app/Config/Filte...

Thread: security.csrfProtection = 'session'
Post: RE: security.csrfProtection = 'session'

kenjis Wrote: (01-14-2022, 04:33 PM) -- As you already posted 'cookie' is weaker than 'session'. https://forum.codeigniter.com/thread-80877.html session advantage: - safer than cookie - If an...

Thread: security.csrfProtection = 'session'
Post: security.csrfProtection = 'session'

Does anyone know the advantages or disadvantages of this setting? security.csrfProtection = 'session'

Thread: Apply Filter to Route
Post: Apply Filter to Route

How do I use the csrf filter for a a specific route? I do not want it turned of for every route.

Thread: Session ID Regeneration
Post: Session ID Regeneration

I can't find the config property that controls session id regeneration. I'd like to turn this off. What is it?

Thread: FYI: CSRF Problem
Post: FYI: CSRF Problem

We got the following from our security guide who was checking our app: Weakness in Cross-Site Request Forgery (CSRF) Protection Risk Level - MODERATE Severity While the MEBN application impleme...

Thread: Argument Types for Validation Rules
Post: RE: Argument Types for Validation Rules

iRedds Wrote: (12-18-2021, 05:03 AM) -- The data of the incoming request is by default a string. This is not a framework or php problem. This is a problem with the HTTP protocol. -- Oh, so valida...

Thread: Argument Types for Validation Rules
Post: Argument Types for Validation Rules

I created the following validation rule: Code: -- public function not_blocked(int $mebn_seq): bool { return !(new MebnDb())->isBlocked($mebn_seq); } -- It errored because $mebn_s...

Thread: index.php
Post: index.php

When I execute Code: -- redirect()->to(base_url('/MEBN/password')); The url https://host-name.com/index.php/MEBN/password is used by the browser. Why is index.php stuck in there? How do I get ...

Thread: Content Security Policy (Setting nonce value)
Post: RE: Content Security Policy (Setting nonce value)

donpwinston Wrote: (11-25-2021, 06:22 PM) -- When you turn content security policy on in .env via "app.CSPEnabled = true" a nonce is created for every inline css and javascript for the debug bar but ...

Thread: Content Security Policy (Setting nonce value)
Post: RE: Content Security Policy (Setting nonce value)

When you turn content security policy on in .env via "app.CSPEnabled = true" a nonce is created for every inline css and javascript for the debug bar but NOT for the kint inline script and inline styl...

Thread: Content Security Policy (Setting nonce value)
Post: Content Security Policy (Setting nonce value)

I'm using {csp-script-nonce} and {csp-style-nonce} in my script and style tags. But the Content-Security-Policy header does not appear to be set. Also the nonce has a different value each time I use i...

Thread: Error: Use of undefined constant ENVIRONMENT - CI 4.1.5
Post: RE: Error: Use of undefined constant ENVIRONMENT -...

Line 110 of Factories.php is: self::$instances[$options['component']][$class] = new $class(...$arguments); I believe there is something messed up with your installation.

Thread: fail to set flashdata after destroy session on logout
Post: RE: fail to set flashdata after destroy session on...

Halim Wrote: (11-09-2021, 10:05 AM) -- I have the same problem :( -- The session is destroyed. There is no place to put the flash data. The session is not created again until the controller class t...

Thread: Session Destroy and Flashdata
Post: RE: Session Destroy and Flashdata

InsiteFX Wrote: (10-31-2021, 01:16 AM) -- Because you desroyed the session you need to recreate the session again first. -- OK, I get it. It's not created again until the constructor of the redirect...