CSRF makes problem on search page |
Hey guys,
I've created a search engine for my project and the CSRF_protection is TRUE for whole project. At the menu bar i have login and signup button, which is needs CSRF to of the action. I've disable the CSRF for search page because users will search for few things then maybe user wants to click on previous button (from browser) to see the previous search. If CSRF be TRUE will show the error page and i don't want it. i disable the CSRF for only search page like this: PHP Code: $last_segment = explode('/', $_SERVER["REQUEST_URI"]); now after doing this my login and signup doesn't works because the CSRF is FALSE. who can help me in this to have search "without" CSRF and login/signup "with" CSRF ? Thanks
12-12-2015, 03:14 AM
(This post was last modified: 12-12-2015, 04:00 AM by Happy Camper. Edit Reason: Typo )
Hello
I would say there is no need to use the code snippet you posted. Just enable CSRF protection in your config file and set 'csrf_exclude_uri' as required. http://www.codeigniter.com/userguide3/li...rgery-csrf Hope this helps!
thanks for reply,
I didn't get what i wanted, maybe i did wrongly. here is what i did: PHP Code: $config['csrf_exclude_uris'] = array('http://localhost/index.php/search/results'); what I'm doing is: (page1) Search1: test one (page2) Search2: test two when i go back to the search1 page by clicking on the previous button on browser, now i wanna search again: (page1)Search3: test tree Then ill get this: Code: An Error Was Encountered what i need is the search box working without CSRF and login link works with CSRF !
Hi! Why u just dont use GET for search? Then u will not have CSRF protection and problems with it
![]() |
Welcome Guest, Not a member yet? Register Sign In |