Facebook App Deauthorization
#1

[eluser]CappY[/eluser]
Hello.... You can see my question on Stack Overflow: http://stackoverflow.com/questions/52248...horization
#2

[eluser]CappY[/eluser]
Vuii.... I just realized the problem....
Code:
/*
|--------------------------------------------------------------------------
| Global XSS Filtering
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = TRUE;

The question now is CAN I TURN IT OFF FOR A SPECIFIC METHOD or something?
#3

[eluser]osci[/eluser]
I don't think you can block specific methods, unless you alter the security class.

What you can do is turn off global filtering and whenever needed do
Code:
$this->input->post('some_data', TRUE);
#4

[eluser]CappY[/eluser]
What about

Code:
/*
|--------------------------------------------------------------------------
| Cross Site Request Forgery
|--------------------------------------------------------------------------
| Enables a CSRF cookie token to be set. When set to TRUE, token will be
| checked on a submitted form. If you are accepting user data, it is strongly
| recommended CSRF protection be enabled.
|
| 'csrf_token_name' = The token name
| 'csrf_cookie_name' = The cookie name
| 'csrf_expire' = The number in seconds the token should expire.
*/

How can I avoid that too?

Edit: Problem solved.
#5

[eluser]bunsenstraat[/eluser]
XSS filtering is one thing. CSRF is another; it uses a token to verify the request.
So the question remains: what to do with an iframe Facebook POST request that
has not been signed with this token? If CSRF global is TRUE in CI, the request is denied.
#6

[eluser]bunsenstraat[/eluser]
One could of course also use $this->security->csrf_verify(); to set and verify CSRF cookies on certain
controller input points. That would resolve the need for global CSRF true.
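
Added example, not part of any post in this thread: the Facebook callback carries no CSRF token, so what can authenticate it is the `signed_request` POST field, which Facebook signs with the app secret (HMAC-SHA256 over the base64url-encoded payload). The function names, the secret and the sample payload below are constructed for illustration.

```php
<?php
// Verify a Facebook signed_request ("<sig>.<payload>", both base64url, unpadded).

function base64url_decode_strict(string $in)
{
    $b64 = strtr($in, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    return base64_decode($b64, true);      // false on invalid characters
}

function parse_signed_request(string $signed_request, string $app_secret)
{
    $parts = explode('.', $signed_request, 2);
    if (count($parts) !== 2) {
        return null;                       // malformed: no "sig.payload" split
    }
    list($encoded_sig, $encoded_payload) = $parts;

    $sig  = base64url_decode_strict($encoded_sig);
    $json = base64url_decode_strict($encoded_payload);
    if ($sig === false || $json === false) {
        return null;
    }

    $data = json_decode($json, true);
    if (!is_array($data) || ($data['algorithm'] ?? null) !== 'HMAC-SHA256') {
        return null;                       // reject missing or unexpected algorithm
    }

    // The MAC covers the still-encoded payload string, not the decoded JSON.
    $expected = hash_hmac('sha256', $encoded_payload, $app_secret, true);
    if (!hash_equals($expected, $sig)) {   // constant-time comparison
        return null;
    }
    return $data;
}

// Constructed sample: build a signed_request the way the sender would.
$secret  = 'example-app-secret';           // placeholder, not a real secret
$payload = rtrim(strtr(base64_encode(json_encode(
    ['algorithm' => 'HMAC-SHA256', 'user_id' => '1000', 'issued_at' => 1300000000]
)), '+/', '-_'), '=');
$sig = rtrim(strtr(base64_encode(hash_hmac('sha256', $payload, $secret, true)), '+/', '-_'), '=');

var_dump(parse_signed_request("$sig.$payload", $secret));        // genuine request
var_dump(parse_signed_request("$sig.{$payload}x", $secret));     // altered payload
var_dump(parse_signed_request("$sig.$payload", 'wrong-secret')); // wrong key
```

The field has to reach this function byte-for-byte as it was posted, since any rewriting of the value before verification makes the signature check fail.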