Welcome Guest, Not a member yet? Register   Sign In
$config['csrf_exclude_uris'] seems to be ignored
#1

I'm trying to exclude a certain controller/method from CSRF checks, but the $config['csrf_exclude_uris'] setting seems to be ignored.

I'm posting information from a mobile app, but I keep getting an HTTP 403 response unless I completely disable CSRF protection.

Ideally I'd like to exclude all methods of the 'Mobile' controller, but even specifying a particular method doesn't work. I'm using: $config['csrf_exclude_uris'] = array('mobile/login');

Any idea what I may be doing wrong here?
Reply


Messages In This Thread
$config['csrf_exclude_uris'] seems to be ignored - by matbeard - 04-01-2015, 06:37 AM



Theme © iAndrew 2016 - Forum software by © MyBB