Is it necessary to check CSRF token in controller |
Hi,
Is it necessary to check CSRF token in controller?? I have done csrf_protection = TRUE in config file .
Straight from the source
Quote:CSRF protection (04-05-2017, 02:30 AM)Anil Wrote: Is it necessary to check CSRF token in controller??No, this happens automatically whenever post data is encountered. (04-05-2017, 02:30 AM)Anil Wrote: I have done csrf_protection = TRUE in config file .The only other thing you have to do is use form_open to open your forms. CI will then add a hidden input field with the current CSRF token name and value. You can read about form_open in the form_helper docs. https://www.codeigniter.com/user_guide/h...#form_open Example: PHP Code: <?php echo form_open('blog/add_post'); ?> The form_close just puts in </form> but I use it still as it stops my editor from going crazy thinking I am closing an unopened tag. For more details, as pointed out by Martin7483, the docs are quite thorough. Paul. |
Welcome Guest, Not a member yet? Register Sign In |