form submit with csrf not working |
11-17-2021, 02:59 AM
(This post was last modified: 11-17-2021, 03:01 AM by captain-sensible. Edit Reason: spelling and extra )
i've got a web dev local and live. On local i like to hit it and see if it shakes. I ran zap against it and it did bring up one or two issues.
I wanted to see if a csrf was being properly sent to a controller. In my base controller i have : Code: public function __construct() As far as i can see when my controller eg Sendmail controller : Code: class Sendmail extends BaseController it seems i don't then have to keep declaring helpers in my controller classes This is how i tested it : in view : <?=form_open('contact') ?> <?= csrf_field() ?> // here i manually put in csrf to be generated, but i've read if you use appropriate helper and the appropriate form open eg: <?=form_open('contact') ?> you don't even need to put in the <?= csrf_field() ?> I'm of course a control freak so i like to do things my way. Now in the bit <?=form_open('contact') ?> 'contact' is in fact a named route; so i am using POST to a ROUTE which passes on to a controller Class called Sendmail in my controller $someVAr= $this->request->getVar(csrf_token()); echo some var So when i posted form on local , entered text i entered into form text boxes was retrieved and I DID SEE a csrf token being echo'd out. Is that what you want to do , check token is produced and recevied ? |
Messages In This Thread |
form submit with csrf not working - by coderscvoen - 11-16-2021, 10:50 PM
RE: form submit with csrf not working - by captain-sensible - 11-17-2021, 02:59 AM
RE: form submit with csrf not working - by coderscvoen - 11-17-2021, 06:33 PM
RE: form submit with csrf not working - by includebeer - 11-17-2021, 07:13 PM
RE: form submit with csrf not working - by simian100 - 11-18-2021, 09:07 AM
|