CSRF
When $config['csrf_protection'] = TRUE,
if I search the site via a search form, click on a search result and then click on the browser back button, the browser says: "Webpage has expired". $config['csrf_regenerate'] = FALSE! If I set $config['csrf_protection'] to TRUE it solves the problem, but obviously this is not a good idea...
Set csrf_regenerate to false, otherwise the token stored in your page will be invalid when they click back. http://security.stackexchange.com/questi...rm-request See the first reply.
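A minimal model of the behaviour described in the reply above, added here as an illustration; it is not code from the thread or from CodeIgniter. The class `CsrfModel` and the function `backButtonResubmit` are hypothetical names, and the model assumes a token kept in a cookie and compared with a hidden form field.

```php
<?php
// Simplified model of a cookie-backed CSRF check (hypothetical class,
// not CodeIgniter's Security class). Constructed for illustration.
final class CsrfModel
{
    private ?string $cookieToken = null; // token held in the browser's cookie

    public function __construct(private bool $regenerate) {}

    // GET: render a form; its hidden field carries the current token.
    public function renderForm(): string
    {
        if ($this->cookieToken === null) {
            $this->cookieToken = bin2hex(random_bytes(16));
        }
        return $this->cookieToken;
    }

    // POST: accept only if the submitted field matches the cookie.
    public function submit(string $fieldToken): bool
    {
        if ($this->cookieToken === null
            || !hash_equals($this->cookieToken, $fieldToken)) {
            return false; // request rejected
        }
        if ($this->regenerate) {
            // A fresh token replaces the cookie after every accepted POST,
            // so any page already in the browser history now holds a stale one.
            $this->cookieToken = bin2hex(random_bytes(16));
        }
        return true;
    }
}

// Sequence from the thread: submit, go back, submit the cached form again.
function backButtonResubmit(bool $regenerate): bool
{
    $site = new CsrfModel($regenerate);
    $cachedForm = $site->renderForm(); // page the browser keeps in history
    $site->submit($cachedForm);         // first submission is accepted
    return $site->submit($cachedForm);  // back button: same hidden token
}

var_dump(backButtonResubmit(true));  // regeneration on
var_dump(backButtonResubmit(false)); // regeneration off
```

With regeneration off the token stays valid until the cookie expires, so the cookie lifetime is what bounds how long a leaked token remains usable.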
I am working on an old project in CI3.
Added a form and enabled CSRF protection. For Chrome and Firefox, the form gets submitted and it's working well. But for Safari it's showing "The action you have requested is not allowed." I set $config['csrf_regenerate'] = FALSE; Safari generates a new token every time I refresh the page. 3rd party cookies are also enabled in the settings. Any idea? Thanks!