Login

08-04-2011, 10:30 AM

[eluser]Treeda[/eluser]
Ok, after nobdy seem to have the same problem, i sat down and find my own solution .-)

However, i'll share with the community. This is my approach:

Just deriving from Security

Code:
class MY_Security extends CI_Security {

....

    /**

     * Verify Cross Site Request Forgery Protection

     *

     * @return    object

     */

    public function csrf_verify()

    {

        // If no POST data exists we will set the CSRF cookie

        if (count($_POST) == 0)

        {

            return $this->csrf_set_cookie();

        }

//ADDED ----------------------

        $CFG =& load_class('Config', 'core');

        if ( $excsrf = $CFG->item("csrf_exlude_uris")){

            $URI =& load_class('URI', 'core');

            if ( in_array($URI->uri_string(), $excsrf)){

                return;

            }

        }

//END ADDED ----------------

....

in the config file just add a section like this, naming the urls you want being excluded from csrf

Code:
$config['csrf_exlude_uris'] = array(

    "info/contact",

    "search/model"

);