Welcome Guest, Not a member yet? Register   Sign In
CSRF : Codeigniter / VueJs VIA JSON


We are currently using VUEJS here we had a "hickup" with the csrf protection from Codeigniter when sending json data instead of default 
form-data. After some researching we've found multiple articles that suggested to rewrite the csrf_verify function of the CI_Securtiy core class:


But i'm not really a big fan of overriding core functions of CI.

I think there is a simpler solution (if you are only using post method)

PHP Code:

class MY_Security extends CI_Security
    public function csrf_verify()
        /* Fill the $_POST since it is empty with data with php://input (decode json) */
        $_POST json_decode(file_get_contents('php://input'),true);
/* call parent csrf_verify function (now $_POST is not empty) */

By just filling the $_POST variable (which is empty) with the decoded json from php://input and calling the csrf_verify() function  from the parent codeigniter CI_Security, you don't have to override the entire function and update the core of CI and not having to worry about missing changes in the csrf_verify() function.

Can someone verify my approach and that it's viable, so that users in the future struggling with this same issue can just find a quick solution in this post ... not having to waste several hours like we did.

Everything works as expected but I want to be sure this does not cause security holes, and thus giving people bad code.

Thanks in advance.

Messages In This Thread
CSRF : Codeigniter / VueJs VIA JSON - by bartMommens - 10-22-2019, 02:20 PM

Theme © iAndrew 2016 - Forum software by © MyBB