Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Is there a fix for the CSRF "The action you have requested is not allowed" issue?
Is there a fix for the CSRF "The action you have requested is not allowed" issue?
  • El Forum
    Guest
  •  
#1
10-17-2012, 12:10 PM

[eluser]esset[/eluser]
As you can imagine I have the infamous CSRF "The action you have requested is not allowed" issue. I'm running CI 2.0+.

The issue I'm having is that my code is working using my iPad, but if my friend is using his iPad he gets the error. This behaviour is just super strange.

I've read through 10+ topics and pretty much everyone says just to turn CSRF OFF, I don't really see this as being the solution to the problem. I mean I want CSRF protection to the turned ON, that's the whole point... no? Smile

So has anyone had any look altering the code to fix this issue?

Thank you in advance
  • El Forum
    Guest
  •  
#2
10-31-2012, 10:09 AM

[eluser]esset[/eluser]
Has no one made any adjustments for this issue?

Just turning CSRF protection FALSE doesn't seem like a good solution Smile

Thanks
  • El Forum
    Guest
  •  
#3
10-31-2012, 10:26 AM

[eluser]skunkbad[/eluser]
Especially if you are getting the error while not using ajax, then it must be something in your code. I have not experienced any problems with CSRF that weren't my fault.
  • El Forum
    Guest
  •  
#4
12-07-2012, 10:15 AM

[eluser]Unknown[/eluser]
I've been having the same problem and after many tracing I found out a bug in codeigniter 2.0 which is in xss_clean function in codeigniter/libraries/Form_validation.php

Code:
if ( ! isset($this->CI->security))

I changed to this

Code:
$CI =& get_instance();
if ( ! isset($CI->security))

and it works correctly.

It had loaded security class twice and cookies had been unset so the form token hadn't equaled to the cooky after one submit
  • El Forum
    Guest
  •  
#5
12-07-2012, 11:58 AM

[eluser]CroNiX[/eluser]
[quote author="amircoco" date="1354900516"]I've been having the same problem and after many tracing I found out a bug in codeigniter 2.0 which is in xss_clean function in codeigniter/libraries/Form_validation.php

Code:
if ( ! isset($this->CI->security))

I changed to this

Code:
$CI =& get_instance();
if ( ! isset($CI->security))

and it works correctly.

It had loaded security class twice and cookies had been unset so the form token hadn't equaled to the cooky after one submit[/quote]
Please file an official bug report on github, or this likely won't get fixed. If you submit a pull request with your changes - that would be even better.
  • El Forum
    Guest
  •  
#6
10-09-2013, 11:00 PM

[eluser]sandeep49[/eluser]
If we have form fields in array :
For ex.: <input name='employee_name[]' />
Now I want to validate this field by form validation:
$this->form_validation->set_rules('employee_name[]', 'Employee Name', 'trim|required|xss_clean');

This code will not work:

$CI =& get_instance();
if ( ! isset($CI->security))

After replacing with this code...


$CI =& get_instance();
if (isset($CI->security))

Now everything is working fine....:lol:




Theme © iAndrew 2016 - Forum software by © MyBB