CSRF : Codeigniter / VueJs VIA JSON |
Hi,
We are currently using VUEJS here we had a "hickup" with the csrf protection from Codeigniter when sending json data instead of default form-data. After some researching we've found multiple articles that suggested to rewrite the csrf_verify function of the CI_Securtiy core class: Example: http://teknosains.com/i/how-to-ajax-csrf...-angularjs But i'm not really a big fan of overriding core functions of CI. I think there is a simpler solution (if you are only using post method) PHP Code: <?php By just filling the $_POST variable (which is empty) with the decoded json from php://input and calling the csrf_verify() function from the parent codeigniter CI_Security, you don't have to override the entire function and update the core of CI and not having to worry about missing changes in the csrf_verify() function. Can someone verify my approach and that it's viable, so that users in the future struggling with this same issue can just find a quick solution in this post ... not having to waste several hours like we did. Everything works as expected but I want to be sure this does not cause security holes, and thus giving people bad code. Thanks in advance. Bart |
Messages In This Thread |
CSRF : Codeigniter / VueJs VIA JSON - by bartMommens - 10-22-2019, 02:20 PM
RE: CSRF : Codeigniter / VueJs VIA JSON - by yealoaiza - 11-06-2020, 11:22 AM
RE: CSRF : Codeigniter / VueJs VIA JSON - by yealoaiza - 11-06-2020, 11:26 AM
|