How to disable CSRF temporaly for callback controllers ?

[eluser]jonez[/eluser]
Another alternative using hooks. CSRF is disabled by default, use URL checks to enable for specific paths.

config/hooks.php

Code:

$hook['pre_system'][] = array(
'function' => 'check_csrf',
'filename' => 'csrf.php',
'filepath' => 'hooks',
);

hooks/csrf.php

Code:

function check_csrf( ) {
$segments = explode( '/', trim( parse_url( $_SERVER[ 'REQUEST_URI' ], PHP_URL_PATH ), '/' ) );

if ( ... ) {
  $config =& load_class( 'Config', 'core' );
  $config->set_item( 'csrf_protection', true );
}
}