Welcome Guest, Not a member yet? Register   Sign In
Server config causing CSRF triggers

The CSRF token is only verified when
  1. $config['csrf_protection'] = TRUE; in config.php
  2. The server method is POST

Does your hardening turns every GET into a POST?

If the request is not POST, then the 403 errors are due to some reason other than CSRF.

When POSTing, the CSRF token_name/token_hash needs to be part of the posted data.

Messages In This Thread
RE: Server config causing CSRF triggers - by dave friend - 08-22-2017, 01:45 PM
SOLUTION - by objecttothis - 09-07-2017, 04:16 AM

Theme © iAndrew 2016 - Forum software by © MyBB