Welcome Guest, Not a member yet? Register   Sign In
$config['csrf_exclude_uris'] seems to be ignored
#1

I'm trying to exclude a certain controller/method from CSRF checks, but the $config['csrf_exclude_uris'] setting seems to be ignored.

I'm posting information from a mobile app, but I keep getting an HTTP 403 response unless I completely disable CSRF protection.

Ideally I'd like to exclude all methods of the 'Mobile' controller, but even specifying a particular method doesn't work. I'm using: $config['csrf_exclude_uris'] = array('mobile/login');

Any idea what I may be doing wrong here?
Reply
#2

I had the same thing. Solved it by:

$config['csrf_exclude_uris'] = array(
"log.*+"
);

Disables CRSF for every URL starting with: log ex: "http://site.com/log/message/1"
Reply
#3

(09-08-2016, 12:10 AM)digitalhuman Wrote: I had the same thing. Solved it by:

$config['csrf_exclude_uris'] = array(
   "log.*+"
);

Disables CRSF for every URL starting with: log     ex: "http://site.com/log/message/1"

My hero !  Cool
Reply




Theme © iAndrew 2016 - Forum software by © MyBB