Welcome Guest, Not a member yet? Register   Sign In
Is it possible to intercept CSRF token failure on POST operation?

Reading the docs, I see that you can turn on CSRF protection by editing app/Config/Filters.php. I've done so, and was somewhat surprised that the function just redirects back to the prior page. I suppose this makes some sense -- you can let the user try again what they were previously trying to do. However, I very much wish as a developer that I could more reliably detect this situation and respond accordingly. Is there no way to intercept this CSRF failure in your form handler?

From what I can tell, the only indication I have that CSRF has failed is not some well-defined variable (e.g., \CodeIgniter\Filters\CSRF::$crsf_failure = TRUE) that I might check either in my form handling controller::method (or even in the original form to which the user gets redirected) but the only indication I have in code is to check flash data:

PHP Code:
$session session();
That yields the bland error message "The action you requested is not allowed.".

Is there any way to intercept this CSRF failure such that I might choose some other action than just redirecting back to the form? There's no log entry or anything as far as I can see. Is there some hook I can define? Or some more structured/precise variable that I can check?

Theme © iAndrew 2016 - Forum software by © MyBB