[Solved] Any thing better than CSRF

#5
(12-16-2016, 03:57 PM)PaulD Wrote: Does the CSRF work when you use a simple form_open?

Edit: I presume everything works fine when you turn off the CSRF for your code.

Edit 2: I have not actually built a CI site in ages but am just building two now with latest version (a large shop and a smaller product design shop) - however I doubt I will need multi part forms. Everything seems just as always so far except admittedly I have not started using the CSRF yet. I very much doubt and do not expect a bug in that though. I will switch it on tomorrow and see if anything unexpected happens.

Edit 3: I must admit I do love the Google 'I am a human' checkbox :-) but I do not like their captcha system - it is often so difficult even I struggle with it sometimes. Have you played the recordings - even worse than the text.

Yes, the CSRF works when I have form_open and form_open_multipart. The issue is that when I submit the form it regenerates a new token and makes it throw an error: "The action you have requested is not allowed". I can't find a way in my controller to stop it from throwing the error. I also followed this way: https://www.codeigniter.com/user_guide/l...rgery-csrf

Such a pain

PHP Code:
$config['cookie_prefix']    = '';
$config['cookie_domain']    = '';
$config['cookie_path']        = '/';
$config['cookie_secure']    = FALSE;
$config['cookie_httponly']     = FALSE;

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array(); 


Attached Files
.php   Thread.php (Size: 3.34 KB / Downloads: 87)
.php   thread_form.php (Size: 2.68 KB / Downloads: 86)
There's only one rule - please don't tell anyone to go and read the manual.  Sometimes the manual just SUCKS!
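
Added example, not code from this thread or from CodeIgniter: a simplified model of checking a posted token against the CSRF cookie, showing how a form rendered before the last accepted POST (second tab, Back button, an asynchronous request) is rejected when `csrf_regenerate` is TRUE and accepted when it is FALSE. The class and function names are hypothetical, and `csrf_expire` is not modelled.

```php
<?php
// Simplified, hypothetical model of cookie-vs-POST token checking.
// It is NOT CodeIgniter's source; names are made up for illustration.
final class CsrfModel
{
    private string $cookie;     // stands in for the csrf_cookie_name cookie
    private bool $regenerate;   // stands in for $config['csrf_regenerate']

    public function __construct(bool $regenerate)
    {
        $this->regenerate = $regenerate;
        $this->cookie = bin2hex(random_bytes(16));
    }

    // Token a freshly rendered form would embed as the csrf_test_name field.
    public function renderForm(): string
    {
        return $this->cookie;
    }

    // TRUE = POST accepted, FALSE = "The action you have requested is not allowed".
    public function submit(string $postedToken): bool
    {
        if (!hash_equals($this->cookie, $postedToken)) {
            return false;
        }
        if ($this->regenerate) {
            // Every accepted POST rotates the token; older forms now hold a stale value.
            $this->cookie = bin2hex(random_bytes(16));
        }
        return true;
    }
}

function scenario(bool $regenerate): array
{
    $csrf  = new CsrfModel($regenerate);
    $formA = $csrf->renderForm();   // form loaded once
    $formB = $csrf->renderForm();   // same form in a second tab, or kept via Back
    return [
        'first submit'           => $csrf->submit($formA),
        'stale form resubmitted' => $csrf->submit($formB),
        'freshly rendered form'  => $csrf->submit($csrf->renderForm()),
    ];
}

foreach ([true, false] as $regenerate) {
    echo 'csrf_regenerate = ' . ($regenerate ? 'TRUE' : 'FALSE') . PHP_EOL;
    foreach (scenario($regenerate) as $step => $ok) {
        printf("  %-24s %s\n", $step, $ok ? 'accepted' : 'rejected');
    }
}
```

With rotation on, any view that is shown again after a POST has to be re-rendered so it carries the new token; with rotation off, the same token stays valid for the life of the CSRF cookie.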