Csrf not working sometimes

(This post was last modified: 03-16-2023, 08:42 AM by Uhrien.)

Hello, I'm new to CodeIgniter 4, but I was using CodeIgniter 3 before for 1 year, more or less.
I'm facing an issue that I don't understand:
CSRF security sometimes is not working, even with the hidden input with the CSRF name and hash.

In each of my forms I've added the input in this way: <input type="hidden" name="<?= csrf_token() ?>" value="<?= csrf_hash() ?>" /> like the documentation says.
The posts were correctly submitted and the security seems to work, but sometimes, with any form, it throws the security exception.
It happens randomly, as if the CSRF token was not updated, even with non-AJAX forms.

These are my CSRF settings:
<?php

namespace Config;

use CodeIgniter\Config\BaseConfig;

class Security extends BaseConfig
{
    /**
    * --------------------------------------------------------------------------
    * CSRF Protection Method
    * --------------------------------------------------------------------------
    *
    * Protection Method for Cross Site Request Forgery protection.
    *
    * @var string 'cookie' or 'session'
    */
    public string $csrfProtection = 'session';

    /**
    * --------------------------------------------------------------------------
    * CSRF Token Randomization
    * --------------------------------------------------------------------------
    *
    * Randomize the CSRF Token for added security.
    */
    public bool $tokenRandomize = true;

    /**
    * --------------------------------------------------------------------------
    * CSRF Token Name
    * --------------------------------------------------------------------------
    *
    * Token name for Cross Site Request Forgery protection.
    */
    public string $tokenName = 'ica_token';

    /**
    * --------------------------------------------------------------------------
    * CSRF Header Name
    * --------------------------------------------------------------------------
    *
    * Header name for Cross Site Request Forgery protection.
    */
    public string $headerName = 'ICA_X-CSRF-TOKEN';

    /**
    * --------------------------------------------------------------------------
    * CSRF Cookie Name
    * --------------------------------------------------------------------------
    *
    * Cookie name for Cross Site Request Forgery protection.
    */
    public string $cookieName = 'ica_cookie';

    /**
    * --------------------------------------------------------------------------
    * CSRF Expires
    * --------------------------------------------------------------------------
    *
    * Expiration time for Cross Site Request Forgery protection cookie.
    *
    * Defaults to two hours (in seconds).
    */
    public int $expires = 7200;

    /**
    * --------------------------------------------------------------------------
    * CSRF Regenerate
    * --------------------------------------------------------------------------
    *
    * Regenerate CSRF Token on every submission.
    */
    public bool $regenerate = true;

    /**
    * --------------------------------------------------------------------------
    * CSRF Redirect
    * --------------------------------------------------------------------------
    *
    * Redirect to previous page with error on failure.
    */
    public bool $redirect = false;

    /**
    * --------------------------------------------------------------------------
    * CSRF SameSite
    * --------------------------------------------------------------------------
    *
    * Setting for CSRF SameSite cookie token.
    *
    * Allowed values are: None - Lax - Strict - ''.
    *
    * Defaults to `Lax` as recommended in this link:
    *
    * @see https://portswigger.net/web-security/csr...te-cookies
    *
    * @deprecated `Config\Cookie` $samesite property is used.
    */
    public string $samesite = 'Lax';
}

Any ideas why it happens?

PHP 8.1.12
CodeIgniter 4.3.2
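
A simplified model of what `$csrfProtection = 'session'` combined with `$regenerate = true` implies for a session that has more than one rendered form (added example, not part of the original post and not CodeIgniter's own code). The class `SessionCsrf` and the function `twoForms` are hypothetical names, the two-tab scenario is constructed, and token randomization is left out.

```php
<?php
// Simplified model of a session-stored CSRF token that is replaced after
// every accepted submission. SessionCsrf is a hypothetical class written
// for this example; it is not CodeIgniter's Security class.

final class SessionCsrf
{
    private array $session = [];   // stands in for the server-side session

    public function __construct(private bool $regenerate) {}

    // Called when a form is rendered: value for the hidden input.
    public function hash(): string
    {
        return $this->session['csrf'] ??= bin2hex(random_bytes(16));
    }

    // Called on POST: compare the submitted token with the session copy.
    public function verify(string $submitted): bool
    {
        $ok = isset($this->session['csrf'])
            && hash_equals($this->session['csrf'], $submitted);

        if ($ok && $this->regenerate) {
            // "Regenerate CSRF Token on every submission": the old value
            // stops being valid as soon as one POST has been accepted.
            $this->session['csrf'] = bin2hex(random_bytes(16));
        }

        return $ok;
    }
}

// Constructed scenario: one user session renders two forms before
// submitting either (two tabs, or a page revisited with the Back button).
function twoForms(bool $regenerate): array
{
    $csrf = new SessionCsrf($regenerate);
    $tabA = $csrf->hash();   // form rendered in tab A
    $tabB = $csrf->hash();   // form rendered in tab B, same session token

    return [
        'tab A submit' => $csrf->verify($tabA),
        'tab B submit' => $csrf->verify($tabB),   // token from before rotation
    ];
}

var_dump(twoForms(true));    // regenerate on every submission
var_dump(twoForms(false));   // token kept for the life of the session
```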


Messages In This Thread
Csrf not working sometimes - by Uhrien - 03-16-2023, 08:37 AM
RE: Csrf not working sometimes - by Uhrien - 03-17-2023, 03:52 AM
RE: Csrf not working sometimes - by Uhrien - 03-17-2023, 07:30 AM
RE: Csrf not working sometimes - by kenjis - 03-17-2023, 07:52 PM


