How to handle SecurityException #403 globally?
This exception is already thrown inside a try-catch block in the before method of the CSRF filter (https://github.com/codeigniter4/CodeIgni...s/CSRF.php), but it is only thrown when CI_ENVIRONMENT != production.
In production, the user would be redirected to the previous page as per the paragraph below from the docs (at https://codeigniter.com/user_guide/libra...urity.html):

Redirection on Failure
Starting with v4.5.0, when a request fails the CSRF validation check, by default, the user is redirected to the previous page in production environment, or a SecurityException is thrown in other environments.

Therefore, if your end goal is to prevent an exception from being thrown and avoid possible log noise, etc., you can configure public bool $redirect = true in app/Config/Security.php (it is public bool $redirect = (ENVIRONMENT === 'production') by default).

Otherwise, if you'd rather go deeper and deal with the exception at a lower level, you can override the CSRF.class and do your customization in the before method.
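Added example (not part of the original post and not CodeIgniter's own code): one way to override the CSRF filter's before method so that a failed check is handled the same way in every environment and never reaches the controller. The class name CsrfHandled, its file path, the log level and the JSON error body are assumptions made for illustration.

```php
<?php
// app/Filters/CsrfHandled.php (hypothetical file and class name)
// To use it, point the existing alias at this class in app/Config/Filters.php:
//   'csrf' => \App\Filters\CsrfHandled::class,

namespace App\Filters;

use CodeIgniter\Filters\CSRF as BaseCSRF;
use CodeIgniter\HTTP\IncomingRequest;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\Security\Exceptions\SecurityException;

class CsrfHandled extends BaseCSRF
{
    public function before(RequestInterface $request, $arguments = null)
    {
        // CLI requests carry no CSRF token, so there is nothing to verify.
        if (! $request instanceof IncomingRequest) {
            return;
        }

        try {
            service('security')->verify($request);
        } catch (SecurityException $e) {
            // Fail closed: every branch below returns a response, so the
            // controller never runs for a request that failed validation.
            // One short log line replaces the full exception trace.
            log_message('notice', 'CSRF check failed for {path} from {ip}', [
                'path' => $request->getUri()->getPath(),
                'ip'   => $request->getIPAddress(),
            ]);

            // AJAX callers cannot follow a redirect usefully; answer 403.
            if ($request->isAJAX()) {
                return service('response')
                    ->setStatusCode(403)
                    ->setJSON(['error' => 'csrf_failed']);
            }

            // Browser requests go back to the previous page in all
            // environments, regardless of Config\Security::$redirect.
            return redirect()->back()->with('error', $e->getMessage());
        }
    }
}
```

Because the class extends the framework filter, the inherited after method is left unchanged.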
Messages In This Thread
How to handle SecurityException #403 globally? - by fcoder - 10-28-2024, 12:37 AM
RE: How to handle SecurityException #403 globally? - by InsiteFX - 10-28-2024, 02:38 AM
RE: How to handle SecurityException #403 globally? - by gosocial2 - 10-29-2024, 07:26 AM