[eluser]Treeda[/eluser]
Ok, after nobdy seem to have the same problem, i sat down and find my own solution .-)
However, i'll share with the community. This is my approach:
Just deriving from Security
Code:
class MY_Security extends CI_Security {
....
/**
* Verify Cross Site Request Forgery Protection
*
* @return object
*/
public function csrf_verify()
{
// If no POST data exists we will set the CSRF cookie
if (count($_POST) == 0)
{
return $this->csrf_set_cookie();
}
//ADDED ----------------------
$CFG =& load_class('Config', 'core');
if ( $excsrf = $CFG->item("csrf_exlude_uris")){
$URI =& load_class('URI', 'core');
if ( in_array($URI->uri_string(), $excsrf)){
return;
}
}
//END ADDED ----------------
....
in the config file just add a section like this, naming the urls you want being excluded from csrf
Code:
$config['csrf_exlude_uris'] = array(
"info/contact",
"search/model"
);