Cross Site Form Submission |
Hi guys,
General Question: How to do Form submission between 2 CI application. CI1 : http://www.example.com CI2 : http://sub.example.com Form is on CI1 & it is submitted to CI2. Both apps are configured with CSRF & XSS enabled. Any way to "whitelist" CI1 in CI2 so that it does not generate an error & allow CI2 controller to process CI1 post request. Thanks! -- Khalil
I did this on CI 2 before. You basically have to extend the Security library and provide a list of controllers for it not to check CSRF for. This means that you'll need to be extremely careful about all the methods available, yada, yada...
Code: class MY_Security extends CI_Security That's older code, too, that won't work on newer versions of PHP since it's using the $RTR global, so you'll need to rework that a bit but it should give you an idea to get you started with.
Thanks kilishan!
It took some time but manage to make it work with your code Code: class MY_Security extends CI_Security Do let me know if there's any issue with the above code. For now its working! |
Welcome Guest, Not a member yet? Register Sign In |