CSRF only on POST request, reason?

(This post was last modified: 03-05-2015, 07:24 PM by silentium.)

I'm working on a project that has a larger REST API backend used by an HTML5, JS frontend. Making it fully RESTful, I'm using all request types: GET, POST, PUT and DELETE.

All requests posting data to the API required a CSRF token. I have so far used my own solution for this but started looking at the included CSRF in CI. And I now have some general questions.

  1. Is there a reason why the CSRF is only validating the token for POST requests? I would like to have it on PUT requests as well.
  2. Is there any way to control the error message if the token is invalid or missing? Atm it loads an error view template. I would like to have it return JSON.

