$config['csrf_exclude_uris'] seems to be ignored |
I'm trying to exclude a certain controller/method from CSRF checks, but the $config['csrf_exclude_uris'] setting seems to be ignored.
I'm posting information from a mobile app, but I keep getting an HTTP 403 response unless I completely disable CSRF protection. Ideally I'd like to exclude all methods of the 'Mobile' controller, but even specifying a particular method doesn't work. I'm using: $config['csrf_exclude_uris'] = array('mobile/login'); Any idea what I may be doing wrong here?
I had the same thing. Solved it by:
$config['csrf_exclude_uris'] = array( "log.*+" ); Disables CRSF for every URL starting with: log ex: "http://site.com/log/message/1"
|
Welcome Guest, Not a member yet? Register Sign In |