Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Support CSRF $csrfProtection set to cookie keeps regenerating
CSRF $csrfProtection set to cookie keeps regenerating
  • Offline kenjis
    Administrator
  • *******
  • Posts: 3,671
    Threads: 96
    Joined: Oct 2014
    Reputation: 230
#2
03-02-2022, 11:07 PM

Can't reproduce.

PHP Code:
--- a/app/Config/Filters.php
+++ b/app/Config/Filters.php
@@ -34,+34,@@ class Filters extends BaseConfig
    public $globals = [
        'before' => [
            // 'honeypot',
-            // 'csrf',
+            'csrf',
            // 'invalidchars',
        ],
        'after' => [

--- a/app/Config/Security.php
+++ b/app/Config/Security.php
@@ -83,+83,@@ class Security extends BaseConfig
      *
      * @var bool
      */
-    public $regenerate true;
+    public $regenerate false;

    /**
      * --------------------------------------------------------------------------

--- a/app/Controllers/Home.php
+++ b/app/Controllers/Home.php
@@ -6,6 +6,8 @@ class Home extends BaseController
{
    public function index()
    {
-        return view('welcome_message');
+        helper('form');
+
+        return csrf_hash();
    }


Cookie is sent in the first response once:

Code:
{
  "Response Cookies": {
   "csrf_cookie_name": {
     "expires": "2022-03-03T08:02:51.000Z",
     "httpOnly": true,
     "path": "/",
     "samesite": "Lax",
     "value": "05ebfaeb7430816961482f3c2dfae2a0"
   }
  }
}

And when I reload the page, my browser send the cookie:

Code:
{
  "Request Cookies": {
    "csrf_cookie_name": "05ebfaeb7430816961482f3c2dfae2a0"
  }
}
ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper
Reply


Messages In This Thread
RE: CSRF $csrfProtection set to cookie keeps regenerating - by kenjis - 03-02-2022, 11:07 PM



Theme © iAndrew 2016 - Forum software by © MyBB